diff --git a/source/libs/libwolfssl/error-ssl.h b/source/libs/libwolfssl/error-ssl.h index de412772..837d6c54 100644 --- a/source/libs/libwolfssl/error-ssl.h +++ b/source/libs/libwolfssl/error-ssl.h @@ -169,6 +169,7 @@ enum wolfSSL_ErrorCodes { TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */ DTLS_SIZE_ERROR = -439, /* Trying to send too much data */ NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */ + APP_DATA_READY = -441, /* DTLS1.2 application data ready for read */ /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ diff --git a/source/libs/libwolfssl/internal.h b/source/libs/libwolfssl/internal.h index ea96bb1b..0ad318ec 100644 --- a/source/libs/libwolfssl/internal.h +++ b/source/libs/libwolfssl/internal.h @@ -146,6 +146,8 @@ /* do nothing, just don't pick Unix */ #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS) /* do nothing */ +#elif defined(RTTHREAD) + /* do nothing */ #elif defined(EBSNET) /* do nothing */ #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) @@ -1692,6 +1694,11 @@ WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl); WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv); WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz); +#ifdef WOLF_CRYPTO_CB +WOLFSSL_LOCAL int CreateDevPrivateKey(void** pkey, byte* buffer, word32 length, + int hsType, int label, int id, + void* heap, int devId); +#endif WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length); #ifdef HAVE_PK_CALLBACKS WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); 
@@ -1713,9 +1720,11 @@ WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz); WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); -#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef HAVE_SNI +#ifndef NO_WOLFSSL_SERVER WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); #endif +#endif #ifdef WOLFSSL_TLS13 WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz, const byte* aad, word16 aadSz); @@ -1727,6 +1736,7 @@ WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz, byte* extMsgType); +WOLFSSL_LOCAL int RestartHandshakeHash(WOLFSSL* ssl); #endif int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, int pLen, int content); 
@@ -1998,18 +2008,22 @@ struct WOLFSSL_CERT_MANAGER { #ifndef NO_WOLFSSL_CM_VERIFY VerifyCallback verifyCallback; /* Verify callback */ #endif - CallbackCACache caCacheCallback; /* CA cache addition callback */ - CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */ - CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ - CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ - wolfSSL_Mutex caLock; /* CA list lock */ - byte crlEnabled; /* is CRL on ? */ - byte crlCheckAll; /* always leaf, but all ? */ - byte ocspEnabled; /* is OCSP on ? */ - byte ocspCheckAll; /* always leaf, but all ? */ - byte ocspSendNonce; /* send the OCSP nonce ? */ - byte ocspUseOverrideURL; /* ignore cert's responder, override */ - byte ocspStaplingEnabled; /* is OCSP Stapling on ? */ + CallbackCACache caCacheCallback; /* CA cache addition callback */ + CbMissingCRL cbMissingCRL; /* notify thru cb of missing crl */ + CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ + CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ + wolfSSL_Mutex caLock; /* CA list lock */ + byte crlEnabled:1; /* is CRL on ? */ + byte crlCheckAll:1; /* always leaf, but all ? */ + byte ocspEnabled:1; /* is OCSP on ? */ + byte ocspCheckAll:1; /* always leaf, but all ? */ + byte ocspSendNonce:1; /* send the OCSP nonce ? */ + byte ocspUseOverrideURL:1; /* ignore cert responder, override */ + byte ocspStaplingEnabled:1; /* is OCSP Stapling on ? */ +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ +|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + byte ocspMustStaple:1; /* server must respond with staple */ +#endif #ifndef NO_RSA short minRsaKeySz; /* minimum allowed RSA key size */ 
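Review bot: Turning `crlEnabled` through `ocspStaplingEnabled` (plus the new `ocspMustStaple`) into one-bit fields puts all the CRL/OCSP switches in one storage unit, so setting any one of them becomes a read-modify-write of the byte that holds the others. Under the C11 memory model adjacent bit-fields form a single memory location, so two threads toggling different flags on a shared cert manager can lose an update and silently leave a revocation check off; with the previous one-byte-per-flag layout they could not. The setters are outside this hunk, so whether they already serialise is not visible here. I would record the rule next to the fields, e.g. `/* flags share one byte: set during setup or with a lock held, never concurrently */`. `struct WOLFSSL_CERT_MANAGER` starts and ends outside the hunk.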
@@ -2017,6 +2031,8 @@ struct WOLFSSL_CERT_MANAGER { #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum allowed ECC key size */ #endif + wolfSSL_Mutex refMutex; /* reference count mutex */ + int refCount; /* reference count */ }; WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*); @@ -2158,14 +2174,16 @@ typedef struct Keys { #ifdef HAVE_TLS_EXTENSIONS typedef enum { +#ifdef HAVE_SNI TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */ +#endif TLSX_MAX_FRAGMENT_LENGTH = 0x0001, TLSX_TRUSTED_CA_KEYS = 0x0003, TLSX_TRUNCATED_HMAC = 0x0004, TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */ TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */ TLSX_EC_POINT_FORMATS = 0x000b, -#if !defined(WOLFSSL_NO_SIGALG) +#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) TLSX_SIGNATURE_ALGORITHMS = 0x000d, /* HELLO_EXT_SIG_ALGO */ #endif TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */ @@ -2184,14 +2202,18 @@ typedef enum { TLSX_EARLY_DATA = 0x002a, #endif TLSX_SUPPORTED_VERSIONS = 0x002b, + #ifdef WOLFSSL_SEND_HRR_COOKIE TLSX_COOKIE = 0x002c, + #endif #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d, #endif #ifdef WOLFSSL_POST_HANDSHAKE_AUTH TLSX_POST_HANDSHAKE_AUTH = 0x0031, #endif + #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032, + #endif TLSX_KEY_SHARE = 0x0033, #endif TLSX_RENEGOTIATION_INFO = 0xff01 @@ -2334,7 +2356,7 @@ typedef struct { union { OcspRequest ocsp; } request; -#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) +#if defined(WOLFSSL_TLS13) buffer response; #endif } CertificateStatusRequest; @@ -2620,9 +2642,14 @@ enum SetCBIO { #endif #ifdef WOLFSSL_STATIC_EPHEMERAL +/* contains static ephemeral keys */ typedef struct { - int keyAlgo; - DerBuffer* key; +#ifndef NO_DH + DerBuffer* dhKey; +#endif +#ifdef HAVE_ECC + DerBuffer* ecKey; +#endif } StaticKeyExchangeInfo_t; #endif 
@@ -2644,7 +2671,7 @@ struct WOLFSSL_CTX { DerBuffer* certificate; DerBuffer* certChain; /* chain after self, in DER, with leading size for each cert */ - #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY) WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; #endif #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ @@ -2656,8 +2683,9 @@ struct WOLFSSL_CTX { int certChainCnt; #endif DerBuffer* privateKey; - byte privateKeyType:7; + byte privateKeyType:6; byte privateKeyId:1; + byte privateKeyLabel:1; int privateKeySz; int privateKeyDevId; WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ @@ -2804,13 +2832,11 @@ struct WOLFSSL_CTX { #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; #endif -#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) +#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif -#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ - defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) )) +#ifdef HAVE_SNI CallbackSniRecv sniRecvCb; void* sniRecvCbArg; #endif 
@@ -3214,17 +3240,19 @@ struct WOLFSSL_SESSION { #ifdef HAVE_EX_DATA WOLFSSL_CRYPTO_EX_DATA ex_data; #endif + byte side; /* Either WOLFSSL_CLIENT_END or + WOLFSSL_SERVER_END */ }; -WOLFSSL_LOCAL -WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); -WOLFSSL_LOCAL -int SetSession(WOLFSSL*, WOLFSSL_SESSION*); +WOLFSSL_LOCAL WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); +WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*); +WOLFSSL_LOCAL void FreeSession(WOLFSSL_SESSION*, int); typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int, int); #ifndef NO_CLIENT_CACHE + WOLFSSL_LOCAL WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); #endif @@ -3312,8 +3340,9 @@ typedef struct Buffers { #ifndef NO_CERTS DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */ DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */ - byte keyType:7; /* Type of key: RSA, ECC, Ed25519 */ + byte keyType:6; /* Type of key: RSA, ECC, Ed25519 */ byte keyId:1; /* Key data is an id not data */ + byte keyLabel:1; /* Key data is a label not data */ int keySz; /* Size of RSA key */ int keyDevId; /* Device Id for key */ DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */ @@ -3597,6 +3626,8 @@ struct WOLFSSL_STACK { * (safety measure for freeing and shortcut for count) */ #if defined(OPENSSL_ALL) wolf_sk_compare_cb comp; + wolf_sk_hash_cb hash_fn; + unsigned long hash; #endif union { @@ -3608,7 +3639,9 @@ struct WOLFSSL_STACK { WOLFSSL_CIPHER cipher; WOLFSSL_ACCESS_DESCRIPTION* access; WOLFSSL_X509_EXTENSION* ext; +#ifdef OPENSSL_EXTRA WOLFSSL_CONF_VALUE* conf; +#endif void* generic; char* string; WOLFSSL_GENERAL_NAME* gn; 
@@ -3629,7 +3662,7 @@ struct WOLFSSL_X509_NAME { WOLFSSL_X509_NAME_ENTRY entry[MAX_NAME_ENTRIES]; /* all entries i.e. CN */ WOLFSSL_X509* x509; /* x509 that struct belongs to */ #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) byte raw[ASN_NAME_MAX]; int rawLen; #endif @@ -3662,6 +3695,7 @@ struct WOLFSSL_X509 { #endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */ + WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */ WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */ #endif /* WOLFSSL_QT || OPENSSL_ALL */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) @@ -3731,10 +3765,17 @@ struct WOLFSSL_X509 { byte subjAltNameCrit:1; byte authKeyIdSet:1; byte authKeyIdCrit:1; + byte issuerSet:1; #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#ifdef WOLFSSL_CERT_REQ + byte isCSR:1; +#endif byte serial[EXTERNAL_SERIAL_SIZE]; char subjectCN[ASN_NAME_MAX]; /* common name short cut */ #ifdef WOLFSSL_CERT_REQ +#ifdef OPENSSL_ALL + WOLFSSL_X509_ATTRIBUTE* challengePwAttr; +#endif char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ #endif WOLFSSL_X509_NAME issuer; @@ -3743,7 +3784,11 @@ struct WOLFSSL_X509 { WOLFSSL_X509_ALGOR algor; WOLFSSL_X509_PUBKEY key; #endif - byte issuerSet:1; +#if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \ + defined(SESSION_CERTS) + byte notBeforeData[CTC_DATE_SIZE]; + byte notAfterData[CTC_DATE_SIZE]; +#endif }; 
@@ -4077,6 +4122,9 @@ struct WOLFSSL { int dtls_timeout_init; /* starting timeout value */ int dtls_timeout_max; /* maximum timeout value */ int dtls_timeout; /* current timeout value, changes */ +#ifndef NO_ASN_TIME + word32 dtls_start_timeout; +#endif /* !NO_ASN_TIME */ word32 dtls_tx_msg_list_sz; word32 dtls_rx_msg_list_sz; DtlsMsg* dtls_tx_msg_list; @@ -4259,6 +4307,15 @@ struct WOLFSSL { #ifdef WOLFSSL_STATIC_EPHEMERAL StaticKeyExchangeInfo_t staticKE; #endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) + /* Added in libest port: allow applications to get the 'tls-unique' Channel + * Binding Type (https://tools.ietf.org/html/rfc5929#section-3). This is + * used in the EST protocol to bind an enrollment to a TLS session through + * 'proof-of-possession' (https://tools.ietf.org/html/rfc7030#section-3.4 + * and https://tools.ietf.org/html/rfc7030#section-3.5). */ + byte clientFinished[TLS_FINISHED_SZ]; + byte serverFinished[TLS_FINISHED_SZ]; +#endif }; @@ -4418,6 +4475,7 @@ WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side); WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl); WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl); WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv); +WOLFSSL_LOCAL int TLSv1_3_Capable(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl); WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree); @@ -4559,6 +4617,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); WOLFSSL_LOCAL int DtlsUseSCRKeys(WOLFSSL* ssl); WOLFSSL_LOCAL int DtlsCheckOrder(WOLFSSL* ssl, int order); #endif + WOLFSSL_LOCAL int IsSCR(WOLFSSL* ssl); WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out); @@ -4596,6 +4655,7 @@ typedef struct CipherSuiteInfo { byte minor; byte major; #endif + byte flags; } CipherSuiteInfo; WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void); 
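Review bot: The new comment above `clientFinished`/`serverFinished` in the `struct WOLFSSL` hunk says why the Finished values are kept but not when they are valid, which is what a `tls-unique` consumer depends on. The binding refers to the most recent handshake, so both buffers have to be overwritten on every renegotiation and resumption, and RFC 7627 notes that `tls-unique` is only dependable when extended master secret was negotiated. The code that fills and clears these arrays is not part of this diff, so this may already be handled. I would extend the comment with something like `/* refreshed on every handshake incl. resumption; consumers should require extended master secret */`.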
@@ -4617,7 +4677,8 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, - byte* cipherSuite); + byte* cipherSuite, int* flags); + enum encrypt_side { ENCRYPT_SIDE_ONLY = 1, diff --git a/source/libs/libwolfssl/libwolfssl.a b/source/libs/libwolfssl/libwolfssl.a index e98409f4..0e690242 100644 Binary files a/source/libs/libwolfssl/libwolfssl.a and b/source/libs/libwolfssl/libwolfssl.a differ diff --git a/source/libs/libwolfssl/ocsp.h b/source/libs/libwolfssl/ocsp.h index 4dbc0b84..62313a45 100644 --- a/source/libs/libwolfssl/ocsp.h +++ b/source/libs/libwolfssl/ocsp.h @@ -38,10 +38,12 @@ typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\ - defined(WOLFSSL_HAPROXY) + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP; -typedef struct OcspRequest WOLFSSL_OCSP_CERTID; +typedef struct OcspEntry WOLFSSL_OCSP_CERTID; + +typedef struct OcspEntry WOLFSSL_OCSP_SINGLERESP; typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ; @@ -62,7 +64,7 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp OcspEntry *entry, OcspRequest *ocspRequest); #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_APACHE_HTTPD) + defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID *id, int *status, int *reason, 
@@ -82,8 +84,10 @@ WOLFSSL_API int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags); WOLFSSL_API void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response); +#ifndef NO_BIO WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, OcspResponse** response); +#endif WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, const unsigned char** data, int len); WOLFSSL_API int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response, @@ -100,8 +104,20 @@ WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, WOLFSSL_OCSP_CERTID *cid); WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID*); +#ifndef NO_BIO WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, WOLFSSL_OCSP_REQUEST *req); +#endif + +WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID *, unsigned char **); +WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single); +WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single, + int *reason, + WOLFSSL_ASN1_TIME **revtime, + WOLFSSL_ASN1_TIME **thisupd, + WOLFSSL_ASN1_TIME **nextupd); +WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs); +WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int idx); #endif #ifdef OPENSSL_EXTRA diff --git a/source/libs/libwolfssl/openssl/aes.h b/source/libs/libwolfssl/openssl/aes.h index 6e3b65b7..83121c22 100644 --- a/source/libs/libwolfssl/openssl/aes.h +++ b/source/libs/libwolfssl/openssl/aes.h 
@@ -42,26 +42,7 @@ * OpenSSL compatibility layer. This makes code working with an AES structure * to need the size of the structure. */ typedef struct WOLFSSL_AES_KEY { - /* aligned and big enough for Aes from wolfssl/wolfcrypt/aes.h */ - ALIGN16 void* holder[(376 + WC_ASYNC_DEV_SIZE)/ sizeof(void*)]; - #ifdef GCM_TABLE - /* key-based fast multiplication table. */ - ALIGN16 void* M0[4096 / sizeof(void*)]; - #endif /* GCM_TABLE */ - #if defined(WOLFSSL_DEVCRYPTO) && \ - (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) - /* large enough for additional devcrypto information */ - void* devKey[288 / sizeof(void*)]; - #endif - #ifdef WOLFSSL_AFALG - void* afalg_holder[288 / sizeof(void*)]; - #endif - #ifdef HAVE_PKCS11 - void* pkcs11_holder[(AES_MAX_ID_LEN + sizeof(int)) / sizeof(void*)]; - #endif - #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) - void* async_holder[128 / sizeof(void*)]; - #endif + ALIGN16 void *buf[(sizeof(Aes) / sizeof(void *)) + 1]; } WOLFSSL_AES_KEY; typedef WOLFSSL_AES_KEY AES_KEY; diff --git a/source/libs/libwolfssl/openssl/asn1.h b/source/libs/libwolfssl/openssl/asn1.h index a8e09385..b31fda47 100644 --- a/source/libs/libwolfssl/openssl/asn1.h +++ b/source/libs/libwolfssl/openssl/asn1.h @@ -32,6 +32,10 @@ #define ASN1_STRING_set wolfSSL_ASN1_STRING_set #define ASN1_STRING_free wolfSSL_ASN1_STRING_free +#define ASN1_get_object wolfSSL_ASN1_get_object +#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT +#define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT + #define V_ASN1_INTEGER 0x02 #define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ #define V_ASN1_NEG 0x100 
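Review bot: `WOLFSSL_AES_KEY` is now sized by `sizeof(Aes)` in whatever translation unit includes this header, so its size follows the application's feature macros rather than the library's. The library is linked as the prebuilt `libwolfssl.a` that this same diff replaces, and if the application is compiled with a different option set than that archive (the removed lines show `GCM_TABLE`, `WOLFSSL_AFALG` and `HAVE_PKCS11` as size-relevant), the library would treat the caller's buffer as a larger `Aes` and write past it. No options header or build record for the archive is visible in the diff. I would add `/* sizeof(Aes) must come from the same wolfSSL options libwolfssl.a was built with */` above `buf` and keep those options in the tree next to the binary.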
@@ -66,10 +70,21 @@ #define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff #define ASN1_TIME_set wolfSSL_ASN1_TIME_set +#define V_ASN1_EOC 0 #define V_ASN1_OBJECT 6 +#define V_ASN1_UTF8STRING 12 +#define V_ASN1_SEQUENCE 16 +#define V_ASN1_SET 17 +#define V_ASN1_PRINTABLESTRING 19 +#define V_ASN1_T61STRING 20 +#define V_ASN1_IA5STRING 22 #define V_ASN1_UTCTIME 23 #define V_ASN1_GENERALIZEDTIME 24 -#define V_ASN1_PRINTABLESTRING 19 +#define V_ASN1_UNIVERSALSTRING 28 +#define V_ASN1_BMPSTRING 30 + + +#define V_ASN1_CONSTRUCTED 0x20 #define ASN1_STRING_FLAG_BITS_LEFT 0x008 #define ASN1_STRING_FLAG_NDEF 0x010 @@ -83,6 +98,12 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER( WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value); +WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag, + int *cls, long inLen); + +WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, + const unsigned char **pp, long len); + #ifdef OPENSSL_ALL /* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally * we don't use this. Some projects use OpenSSL to implement ASN1 types and diff --git a/source/libs/libwolfssl/openssl/bio.h b/source/libs/libwolfssl/openssl/bio.h index 71ef94a9..b7ced08e 100644 --- a/source/libs/libwolfssl/openssl/bio.h +++ b/source/libs/libwolfssl/openssl/bio.h @@ -40,7 +40,14 @@ #define BIO_FLAGS_SHOULD_RETRY WOLFSSL_BIO_FLAG_RETRY #define BIO_new_fp wolfSSL_BIO_new_fp +#if defined(OPENSSL_ALL) \ + || defined(HAVE_STUNNEL) \ + || defined(HAVE_LIGHTY) \ + || defined(WOLFSSL_MYSQL_COMPATIBLE) \ + || defined(WOLFSSL_HAPROXY) \ + || defined(OPENSSL_EXTRA) #define BIO_new_file wolfSSL_BIO_new_file +#endif #define BIO_new_fp wolfSSL_BIO_new_fp #define BIO_ctrl wolfSSL_BIO_ctrl #define BIO_ctrl_pending wolfSSL_BIO_ctrl_pending 
@@ -57,6 +64,7 @@ #define BIO_set_write_buf_size wolfSSL_BIO_set_write_buf_size #define BIO_make_bio_pair wolfSSL_BIO_make_bio_pair +#define BIO_new_fd wolfSSL_BIO_new_fd #define BIO_set_fp wolfSSL_BIO_set_fp #define BIO_get_fp wolfSSL_BIO_get_fp #define BIO_seek wolfSSL_BIO_seek @@ -123,6 +131,7 @@ #define BIO_meth_set_create wolfSSL_BIO_meth_set_create #define BIO_meth_set_destroy wolfSSL_BIO_meth_set_destroy +#define BIO_snprintf XSNPRINTF /* BIO CTRL */ #define BIO_CTRL_RESET 1 @@ -149,6 +158,7 @@ #define BIO_CTRL_DGRAM_QUERY_MTU 40 +#define BIO_FP_TEXT 0x00 #define BIO_NOCLOSE 0x00 #define BIO_CLOSE 0x01 diff --git a/source/libs/libwolfssl/openssl/bn.h b/source/libs/libwolfssl/openssl/bn.h index c49f3809..93be9513 100644 --- a/source/libs/libwolfssl/openssl/bn.h +++ b/source/libs/libwolfssl/openssl/bn.h @@ -40,7 +40,7 @@ typedef struct WOLFSSL_BIGNUM { int neg; /* openssh deference */ void *internal; /* our big num */ -#ifdef WOLFSSL_SP_MATH +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) sp_int fp; #elif defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT) fp_int fp; @@ -49,7 +49,7 @@ typedef struct WOLFSSL_BIGNUM { #define BN_ULONG WOLFSSL_BN_ULONG -#define WOLFSSL_BN_ULONG mp_digit +#define WOLFSSL_BN_ULONG unsigned long typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB; @@ -113,7 +113,7 @@ WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int); WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM*, int); WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); -WOLFSSL_API unsigned long wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*); +WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*); diff --git a/source/libs/libwolfssl/openssl/buffer.h b/source/libs/libwolfssl/openssl/buffer.h index 50a56f40..be298d1f 100644 
--- a/source/libs/libwolfssl/openssl/buffer.h +++ b/source/libs/libwolfssl/openssl/buffer.h @@ -34,12 +34,18 @@ WOLFSSL_API WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void); WOLFSSL_API int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len); WOLFSSL_API void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf); +WOLFSSL_API size_t wolfSSL_strlcpy(char *dst, const char *src, size_t dstSize); +WOLFSSL_API size_t wolfSSL_strlcat(char *dst, const char *src, size_t dstSize); #define BUF_MEM_new wolfSSL_BUF_MEM_new #define BUF_MEM_grow wolfSSL_BUF_MEM_grow #define BUF_MEM_free wolfSSL_BUF_MEM_free +#define BUF_strdup strdup +#define BUF_strlcpy wolfSSL_strlcpy +#define BUF_strlcat wolfSSL_strlcat + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/openssl/conf.h b/source/libs/libwolfssl/openssl/conf.h index 373239ff..d13f84a3 100644 --- a/source/libs/libwolfssl/openssl/conf.h +++ b/source/libs/libwolfssl/openssl/conf.h 
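Review bot: `#define BUF_strdup strdup` returns memory from the C library allocator, while the crypto.h part of this diff keeps `OPENSSL_free` mapped to `wolfSSL_OPENSSL_free`. Code ported from OpenSSL releases a `BUF_strdup` result with `OPENSSL_free`, so if the library was built with its own allocator or a static heap (not visible here), that pairing frees a pointer the allocator never issued. I would replace the alias with a function-like wrapper that copies into a buffer obtained from `wolfSSL_OPENSSL_malloc`, which crypto.h declares. That would also remove this header's reliance on a POSIX-only function.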
@@ -28,18 +28,76 @@ extern "C" { #endif -struct WOLFSSL_CONF_VALUE { +#include +#include + +typedef struct WOLFSSL_CONF_VALUE { char *section; char *name; char *value; -}; +} WOLFSSL_CONF_VALUE; -struct WOLFSSL_INIT_SETTINGS { - char* appname; -}; +/* ssl.h requires WOLFSSL_CONF_VALUE */ +#include -typedef struct WOLFSSL_CONF_VALUE CONF_VALUE; -typedef struct WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS; +typedef struct WOLFSSL_CONF { + void *meth_data; + WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *data; +} WOLFSSL_CONF; + +typedef WOLFSSL_CONF CONF; +typedef WOLFSSL_CONF_VALUE CONF_VALUE; + +#ifdef OPENSSL_EXTRA + +WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void); +WOLFSSL_API int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf, + WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value); +WOLFSSL_API void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val); + +WOLFSSL_API WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth); +WOLFSSL_API char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf, + const char *group, const char *name); +WOLFSSL_API int wolfSSL_NCONF_get_number(const CONF *conf, const char *group, + const char *name, long *result); +WOLFSSL_API WOLFSSL_STACK *wolfSSL_NCONF_get_section( + const WOLFSSL_CONF *conf, const char *section); +WOLFSSL_API int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline); +WOLFSSL_API void wolfSSL_NCONF_free(WOLFSSL_CONF *conf); + +WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve( + WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *sk, WOLFSSL_CONF_VALUE *data); + +WOLFSSL_API int wolfSSL_CONF_modules_load(const WOLFSSL_CONF *cnf, const char *appname, + unsigned long flags); +WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf, + const char *section); +WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf, + const char *section); + +#define sk_CONF_VALUE_new wolfSSL_sk_CONF_VALUE_new +#define sk_CONF_VALUE_free wolfSSL_sk_CONF_VALUE_free +#define 
sk_CONF_VALUE_pop_free(a,b) wolfSSL_sk_CONF_VALUE_free(a) +#define sk_CONF_VALUE_num wolfSSL_sk_CONF_VALUE_num +#define sk_CONF_VALUE_value wolfSSL_sk_CONF_VALUE_value + +#define lh_CONF_VALUE_retrieve wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve +#define lh_CONF_VALUE_insert wolfSSL_sk_CONF_VALUE_push + +#define NCONF_new wolfSSL_NCONF_new +#define NCONF_free wolfSSL_NCONF_free +#define NCONF_get_string wolfSSL_NCONF_get_string +#define NCONF_get_section wolfSSL_NCONF_get_section +#define NCONF_get_number wolfSSL_NCONF_get_number +#define NCONF_load wolfSSL_NCONF_load + +#define CONF_modules_load wolfSSL_CONF_modules_load +#define _CONF_new_section wolfSSL_CONF_new_section +#define _CONF_get_section wolfSSL_CONF_get_section + +#define X509V3_conf_free wolfSSL_X509V3_conf_free + +#endif /* OPENSSL_EXTRA */ #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/openssl/crypto.h b/source/libs/libwolfssl/openssl/crypto.h index 2319ff3d..ebcd4079 100644 --- a/source/libs/libwolfssl/openssl/crypto.h +++ b/source/libs/libwolfssl/openssl/crypto.h @@ -24,22 +24,32 @@ #ifndef WOLFSSL_CRYPTO_H_ #define WOLFSSL_CRYPTO_H_ -#include - #include +#include +#include + #ifdef WOLFSSL_PREFIX #include "prefix_crypto.h" #endif +typedef struct WOLFSSL_INIT_SETTINGS { + char* appname; +} WOLFSSL_INIT_SETTINGS; + +typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS; WOLFSSL_API const char* wolfSSLeay_version(int type); WOLFSSL_API unsigned long wolfSSLeay(void); WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void); #ifdef OPENSSL_EXTRA +#include + WOLFSSL_API void wolfSSL_OPENSSL_free(void*); WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); + +WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); #endif #define CRYPTO_THREADID void 
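Review bot: `sk_CONF_VALUE_pop_free(a,b)` in the conf.h hunk expands to `wolfSSL_sk_CONF_VALUE_free(a)` and discards the element destructor `b`. In OpenSSL, `pop_free` calls `b` on every element before releasing the stack, so ported code relies on it to free each `CONF_VALUE`; whether `wolfSSL_sk_CONF_VALUE_free` releases the elements itself is not visible in this diff. If it does, say so at the macro, e.g. `/* b is ignored: wolfSSL_sk_CONF_VALUE_free releases the values itself */`. If it does not, the section, name and value strings leak on every call and `b` should be forwarded.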
@@ -62,14 +72,16 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); #define OPENSSL_free wolfSSL_OPENSSL_free #define OPENSSL_malloc wolfSSL_OPENSSL_malloc -#ifdef WOLFSSL_QT - #define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L - #define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L - #define OPENSSL_INIT_LOAD_CONFIG 0x00000040L -#endif +#define OPENSSL_INIT_ENGINE_ALL_BUILTIN 0x00000001L +#define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L +#define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L +#define OPENSSL_INIT_LOAD_CONFIG 0x00000040L + +#define OPENSSL_init_crypto wolfSSL_OPENSSL_init_crypto + #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_EX_DATA) #define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions #define FIPS_mode wolfSSL_FIPS_mode #define FIPS_mode_set wolfSSL_FIPS_mode_set @@ -86,6 +98,6 @@ typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int i #define CRYPTO_THREAD_r_lock wc_LockMutex #define CRYPTO_THREAD_unlock wc_UnLockMutex -#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_EX_DATA */ #endif /* header */ diff --git a/source/libs/libwolfssl/openssl/dh.h b/source/libs/libwolfssl/openssl/dh.h index 30fd35d8..a0454930 100644 --- a/source/libs/libwolfssl/openssl/dh.h +++ b/source/libs/libwolfssl/openssl/dh.h @@ -26,6 +26,7 @@ #define WOLFSSL_DH_H_ #include +#include #ifdef __cplusplus extern "C" { 
@@ -58,6 +59,7 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh, WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out); WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void); WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*); +WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh); WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes); WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*); diff --git a/source/libs/libwolfssl/openssl/ec.h b/source/libs/libwolfssl/openssl/ec.h index e616e021..d7f23839 100644 --- a/source/libs/libwolfssl/openssl/ec.h +++ b/source/libs/libwolfssl/openssl/ec.h @@ -301,6 +301,9 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order #define EC_GROUP_order_bits wolfSSL_EC_GROUP_order_bits #define EC_GROUP_method_of wolfSSL_EC_GROUP_method_of +#ifndef NO_WOLFSSL_STUB +#define EC_GROUP_set_point_conversion_form(...) +#endif #define EC_METHOD_get_field_type wolfSSL_EC_METHOD_get_field_type diff --git a/source/libs/libwolfssl/openssl/evp.h b/source/libs/libwolfssl/openssl/evp.h index aaefeabe..e7c89f33 100644 --- a/source/libs/libwolfssl/openssl/evp.h +++ b/source/libs/libwolfssl/openssl/evp.h @@ -557,6 +557,9 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer); WOLFSSL_API int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx, + const char *name, const char *value); + WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen); 
@@ -569,11 +572,13 @@ WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap); WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, const WOLFSSL_EVP_PKEY *from); WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b); WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); -WOLFSSL_API int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey); -WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid); WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type); @@ -825,11 +830,14 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_PKEY_free wolfSSL_EVP_PKEY_free #define EVP_PKEY_up_ref wolfSSL_EVP_PKEY_up_ref #define EVP_PKEY_size wolfSSL_EVP_PKEY_size +#define EVP_PKEY_copy_parameters wolfSSL_EVP_PKEY_copy_parameters #define EVP_PKEY_missing_parameters wolfSSL_EVP_PKEY_missing_parameters #define EVP_PKEY_cmp wolfSSL_EVP_PKEY_cmp #define EVP_PKEY_type wolfSSL_EVP_PKEY_type #define EVP_PKEY_base_id wolfSSL_EVP_PKEY_base_id +#define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid #define EVP_PKEY_id wolfSSL_EVP_PKEY_id +#define EVP_PKEY_CTX_ctrl_str wolfSSL_EVP_PKEY_CTX_ctrl_str #define EVP_SignFinal wolfSSL_EVP_SignFinal #define EVP_SignInit wolfSSL_EVP_SignInit #define EVP_SignInit_ex wolfSSL_EVP_SignInit_ex 
@@ -917,7 +925,6 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
 #define EVP_R_PRIVATE_KEY_DECODE_ERROR (-MIN_CODE_E + 100 + 4)
 #define EVP_PKEY_NONE NID_undef
-#define EVP_PKEY_RSA 6
 #define EVP_PKEY_RSA2 19
 #define EVP_PKEY_DH 28
 #define EVP_CIPHER_mode WOLFSSL_CIPHER_mode
diff --git a/source/libs/libwolfssl/openssl/lhash.h b/source/libs/libwolfssl/openssl/lhash.h
index 01f8535f..84e29404 100644
--- a/source/libs/libwolfssl/openssl/lhash.h
+++ b/source/libs/libwolfssl/openssl/lhash.h
@@ -1,2 +1,64 @@ +/* lhash.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + /* lhash.h for openSSL */ +#ifndef WOLFSSL_lhash_H_ +#define WOLFSSL_lhash_H_ + +#ifdef __cplusplus + extern "C" { +#endif + +#include + +#ifdef OPENSSL_ALL +#define IMPLEMENT_LHASH_HASH_FN(name, type) \ + unsigned long wolfSSL_##name##_LHASH_HASH(const void *arg) \ + { \ + const type *a = arg; \ + return name##_hash(a); \ + } +#define IMPLEMENT_LHASH_COMP_FN(name, type) \ + int wolfSSL_##name##_LHASH_COMP(const void *p1, const void *p2) \ + { \ + const type *_p1 = p1; \ + const type *_p2 = p2; \ + return name##_cmp(_p1, _p2); \ + } + +#define LHASH_HASH_FN(name) wolfSSL_##name##_LHASH_HASH +#define LHASH_COMP_FN(name) wolfSSL_##name##_LHASH_COMP + +WOLFSSL_API unsigned long wolfSSL_LH_strhash(const char *str); + +WOLFSSL_API void *wolfSSL_lh_retrieve(WOLFSSL_STACK *sk, void *data); + +#define lh_strhash wolfSSL_LH_strhash + +#endif + + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* WOLFSSL_lhash_H_ */ diff --git a/source/libs/libwolfssl/openssl/ocsp.h b/source/libs/libwolfssl/openssl/ocsp.h index 655a1751..f2fde405 100644 --- a/source/libs/libwolfssl/openssl/ocsp.h +++ b/source/libs/libwolfssl/openssl/ocsp.h 
@@ -30,6 +30,7 @@ #define OCSP_REQUEST OcspRequest #define OCSP_RESPONSE OcspResponse #define OCSP_BASICRESP WOLFSSL_OCSP_BASICRESP +#define OCSP_SINGLERESP WOLFSSL_OCSP_SINGLERESP #define OCSP_CERTID WOLFSSL_OCSP_CERTID #define OCSP_ONEREQ WOLFSSL_OCSP_ONEREQ @@ -76,6 +77,12 @@ #define i2d_OCSP_REQUEST_bio wolfSSL_i2d_OCSP_REQUEST_bio +#define i2d_OCSP_CERTID wolfSSL_i2d_OCSP_CERTID +#define OCSP_SINGLERESP_get0_id wolfSSL_OCSP_SINGLERESP_get0_id +#define OCSP_single_get0_status wolfSSL_OCSP_single_get0_status +#define OCSP_resp_count wolfSSL_OCSP_resp_count +#define OCSP_resp_get0 wolfSSL_OCSP_resp_get0 + #endif /* HAVE_OCSP */ #endif /* WOLFSSL_OCSP_H_ */ diff --git a/source/libs/libwolfssl/openssl/opensslv.h b/source/libs/libwolfssl/openssl/opensslv.h index 7f82800d..4b32dcc7 100644 --- a/source/libs/libwolfssl/openssl/opensslv.h +++ b/source/libs/libwolfssl/openssl/opensslv.h @@ -26,7 +26,11 @@ /* api version compatibility */ -#if defined(WOLFSSL_APACHE_HTTPD) +#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\ + defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\ + defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L) + /* valid version */ +#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) /* For Apache httpd, Use 1.1.0 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10100000L #elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \ diff --git a/source/libs/libwolfssl/openssl/pem.h b/source/libs/libwolfssl/openssl/pem.h index 0fd31631..e31fb279 100644 --- a/source/libs/libwolfssl/openssl/pem.h +++ b/source/libs/libwolfssl/openssl/pem.h 
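Review bot: The new `#if` in the opensslv.h hunk accepts a caller-supplied `OPENSSL_VERSION_NUMBER` only for three exact values; any other predefined value falls through to the `#elif` branches, which `#define` the macro again with a different value. That is a macro redefinition, and where the compiler only warns, the application is built against a compatibility level it did not ask for. Consider rejecting the case explicitly, for example `#elif defined(OPENSSL_VERSION_NUMBER)` followed by `#error "unsupported OPENSSL_VERSION_NUMBER"`. Wrapping each `defined(...) && (...)` pair in parentheses would also make the `&&`/`||` grouping explicit. The rest of the `#elif` chain is outside the hunk.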
@@ -242,6 +242,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey #define PEM_read_bio_ECPrivateKey wolfSSL_PEM_read_bio_ECPrivateKey #define PEM_read_bio_EC_PUBKEY wolfSSL_PEM_read_bio_EC_PUBKEY +#ifndef NO_WOLFSSL_STUB +#define PEM_write_bio_ECPKParameters(...) 0 +#endif /* EVP_KEY */ #define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey #define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY diff --git a/source/libs/libwolfssl/openssl/pkcs12.h b/source/libs/libwolfssl/openssl/pkcs12.h index 55e8ba45..f7481f45 100644 --- a/source/libs/libwolfssl/openssl/pkcs12.h +++ b/source/libs/libwolfssl/openssl/pkcs12.h @@ -42,6 +42,7 @@ /* wolfSSL level using structs from ssl.h and calls down to wolfCrypt */ #define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio #define PKCS12_parse wolfSSL_PKCS12_parse +#define PKCS12_verify_mac wolfSSL_PKCS12_verify_mac #define PKCS12_create wolfSSL_PKCS12_create #define PKCS12_PBE_add wolfSSL_PKCS12_PBE_add diff --git a/source/libs/libwolfssl/openssl/pkcs7.h b/source/libs/libwolfssl/openssl/pkcs7.h index a589a5ae..6163cc78 100644 --- a/source/libs/libwolfssl/openssl/pkcs7.h +++ b/source/libs/libwolfssl/openssl/pkcs7.h @@ -43,6 +43,7 @@ typedef struct WOLFSSL_PKCS7 PKCS7 pkcs7; unsigned char* data; int len; + WOLFSSL_STACK* certs; } WOLFSSL_PKCS7; 
@@ -53,8 +54,12 @@ WOLFSSL_API void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7); WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len); WOLFSSL_API PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7); +WOLFSSL_API int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7); WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs, WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags); +WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs, + WOLFSSL_BIO* out); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7); WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7, WOLFSSL_STACK* certs, int flags); WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7); @@ -65,6 +70,7 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7); #define PKCS7_SIGNED_free wolfSSL_PKCS7_SIGNED_free #define d2i_PKCS7 wolfSSL_d2i_PKCS7 #define d2i_PKCS7_bio wolfSSL_d2i_PKCS7_bio +#define i2d_PKCS7_bio wolfSSL_i2d_PKCS7_bio #define PKCS7_verify wolfSSL_PKCS7_verify #define PKCS7_get0_signers wolfSSL_PKCS7_get0_signers #define PEM_write_bio_PKCS7 wolfSSL_PEM_write_bio_PKCS7 diff --git a/source/libs/libwolfssl/openssl/rsa.h b/source/libs/libwolfssl/openssl/rsa.h index 209e7418..be514482 100644 --- a/source/libs/libwolfssl/openssl/rsa.h +++ b/source/libs/libwolfssl/openssl/rsa.h 
@@ -117,9 +117,16 @@ WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m, WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA*, int); +WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA*, int, int); WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, unsigned int mLen, const unsigned char* sig, unsigned int sigLen, WOLFSSL_RSA*); +WOLFSSL_API int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, + unsigned int mLen, const unsigned char* sig, + unsigned int sigLen, WOLFSSL_RSA* rsa, + int padding); WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, unsigned char* to, WOLFSSL_RSA*, int padding); WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*); diff --git a/source/libs/libwolfssl/openssl/srp.h b/source/libs/libwolfssl/openssl/srp.h new file mode 100644 index 00000000..23657ee6 --- /dev/null +++ b/source/libs/libwolfssl/openssl/srp.h 
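Review bot: The prototype added for `wolfSSL_RSA_sign_generic_padding` ends in two unnamed `int` parameters, so the header does not say which one selects the padding mode. Transposing them would sign with a padding scheme the caller did not intend, and the compiler cannot catch it. `wolfSSL_RSA_verify_ex`, added in the same hunk, already names `rsa` and `padding`; the sign prototype should do the same, e.g. `unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag, int padding);`, with the names taken from the definition, which is not in this hunk. A one-line comment listing the accepted padding constants would help as well.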
@@ -0,0 +1,29 @@ +/* srp.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_SRP_H_ +#define WOLFSSL_SRP_H_ + +#include + +#define SRP_MINIMAL_N SRP_MODULUS_MIN_BITS + +#endif /* WOLFSSL_SRP_H_ */ diff --git a/source/libs/libwolfssl/openssl/ssl.h b/source/libs/libwolfssl/openssl/ssl.h index 7482f82c..bf35a5d3 100644 --- a/source/libs/libwolfssl/openssl/ssl.h +++ b/source/libs/libwolfssl/openssl/ssl.h @@ -53,6 +53,8 @@ /* all NID_* values are in asn.h */ #include +#include + #ifdef __cplusplus extern "C" { #endif @@ -67,6 +69,10 @@ #undef ASN1_INTEGER #endif +#ifdef OPENSSL_EXTRA +#include +WOLFSSL_API int wolfSSL_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +#endif typedef WOLFSSL SSL; typedef WOLFSSL_SESSION SSL_SESSION; @@ -100,6 +106,7 @@ typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER; typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT; typedef WOLFSSL_ASN1_STRING ASN1_STRING; typedef WOLFSSL_ASN1_TYPE ASN1_TYPE; +typedef WOLFSSL_X509_ATTRIBUTE X509_ATTRIBUTE; typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value; typedef WOLFSSL_BUF_MEM BUF_MEM; 
@@ -279,9 +286,13 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_CTX_set_cert_verify_callback wolfSSL_CTX_set_cert_verify_callback #define SSL_set_verify wolfSSL_set_verify #define SSL_set_verify_result wolfSSL_set_verify_result +#define SSL_verify_client_post_handshake wolfSSL_verify_client_post_handshake +#define SSL_set_post_handshake_auth wolfSSL_set_post_handshake_auth +#define SSL_CTX_set_post_handshake_auth wolfSSL_CTX_set_post_handshake_auth #define SSL_pending wolfSSL_pending #define SSL_load_error_strings wolfSSL_load_error_strings #define SSL_library_init wolfSSL_library_init +#define OPENSSL_init_ssl wolfSSL_OPENSSL_init_ssl #define OpenSSL_add_ssl_algorithms wolfSSL_library_init #define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode #define SSL_CTX_set_cipher_list wolfSSL_CTX_set_cipher_list @@ -297,6 +308,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_set_ex_data wolfSSL_set_ex_data #define SSL_get_shutdown wolfSSL_get_shutdown +#define SSL_get_finished wolfSSL_get_finished +#define SSL_get_peer_finished wolfSSL_get_peer_finished #define SSL_set_rfd wolfSSL_set_rfd #define SSL_set_wfd wolfSSL_set_wfd #define SSL_set_shutdown wolfSSL_set_shutdown @@ -333,6 +346,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_MODE_RELEASE_BUFFERS 0x00000010U #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN #define X509_get_ext wolfSSL_X509_get_ext + #define X509_get_ext_by_OBJ wolfSSL_X509_get_ext_by_OBJ #define X509_cmp wolfSSL_X509_cmp #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object #define X509_EXTENSION_get_critical wolfSSL_X509_EXTENSION_get_critical 
@@ -348,11 +362,14 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define DSA_bits wolfSSL_DSA_bits #define i2d_X509_bio wolfSSL_i2d_X509_bio +#define i2d_X509_REQ_bio wolfSSL_i2d_X509_REQ_bio #define d2i_X509_bio wolfSSL_d2i_X509_bio +#define d2i_X509_REQ_bio wolfSSL_d2i_X509_REQ_bio #define d2i_X509_fp wolfSSL_d2i_X509_fp #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 #define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 +#define PEM_read_bio_X509_REQ wolfSSL_PEM_read_bio_X509_REQ #define PEM_read_bio_X509_CRL wolfSSL_PEM_read_bio_X509_CRL #define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX #define PEM_read_X509 wolfSSL_PEM_read_X509 @@ -363,10 +380,18 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define i2d_PrivateKey wolfSSL_i2d_PrivateKey #define i2d_X509_REQ wolfSSL_i2d_X509_REQ +#define d2i_X509_REQ wolfSSL_d2i_X509_REQ #define X509_REQ_new wolfSSL_X509_REQ_new #define X509_REQ_free wolfSSL_X509_REQ_free #define X509_REQ_sign wolfSSL_X509_REQ_sign +#define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx #define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions +#define X509_REQ_add1_attr_by_NID wolfSSL_X509_REQ_add1_attr_by_NID +#define X509_REQ_add1_attr_by_txt wolfSSL_X509_REQ_add1_attr_by_txt +#define X509_REQ_get_attr_by_NID wolfSSL_X509_REQ_get_attr_by_NID +#define X509_REQ_get_attr wolfSSL_X509_REQ_get_attr +#define X509_ATTRIBUTE_get0_type wolfSSL_X509_ATTRIBUTE_get0_type +#define X509_to_X509_REQ wolfSSL_X509_to_X509_REQ #define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name #define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey #define PEM_write_bio_X509_REQ wolfSSL_PEM_write_bio_X509_REQ 
@@ -379,14 +404,19 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_get_ext_count wolfSSL_X509_get_ext_count #define X509_get_ext_d2i wolfSSL_X509_get_ext_d2i #define X509V3_EXT_i2d wolfSSL_X509V3_EXT_i2d +#define X509_get0_extensions wolfSSL_X509_get0_extensions +#define X509_get_extensions wolfSSL_X509_get0_extensions +#define X509_REQ_get_extensions wolfSSL_X509_REQ_get_extensions #define X509_get_ext wolfSSL_X509_get_ext #define X509_get_ext_by_NID wolfSSL_X509_get_ext_by_NID #define X509_get_issuer_name wolfSSL_X509_get_issuer_name #define X509_issuer_name_hash wolfSSL_X509_issuer_name_hash -#define X509_get_subject_name wolfSSL_X509_get_subject_name #define X509_subject_name_hash wolfSSL_X509_subject_name_hash +#define X509_get_subject_name wolfSSL_X509_get_subject_name +#define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name #define X509_get_pubkey wolfSSL_X509_get_pubkey #define X509_get0_pubkey wolfSSL_X509_get_pubkey +#define X509_REQ_get_pubkey wolfSSL_X509_get_pubkey #define X509_get_notBefore wolfSSL_X509_get_notBefore #define X509_get0_notBefore wolfSSL_X509_get_notBefore #define X509_get_notAfter wolfSSL_X509_get_notAfter 
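Review bot: `X509_get_extensions` is aliased to `wolfSSL_X509_get0_extensions`, so a name without the get0 marker returns what is presumably a pointer into the certificate. Code ported from the OpenSSL `X509_REQ_get_extensions` pattern frees the returned stack, which here would release memory the certificate still owns. The hunk also maps `X509_REQ_get_extensions` to a separate function whose ownership rule is not visible. A comment above these defines should state which results are borrowed, e.g. `/* X509_get0_extensions / X509_get_extensions: borrowed, do not free */`. The `X509_REQ_get_subject_name` and `X509_REQ_get_pubkey` aliases also need a note that they rely on requests and certificates sharing one struct.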
@@ -408,12 +438,22 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_set_notBefore wolfSSL_X509_set_notBefore #define X509_set_serialNumber wolfSSL_X509_set_serialNumber #define X509_set_version wolfSSL_X509_set_version +#define X509_REQ_set_version wolfSSL_X509_set_version #define X509_sign wolfSSL_X509_sign +#define X509_sign_ctx wolfSSL_X509_sign_ctx #define X509_print wolfSSL_X509_print +#define X509_REQ_print wolfSSL_X509_print #define X509_print_ex wolfSSL_X509_print_ex +#define X509_print_fp wolfSSL_X509_print_fp +#define X509_REQ_print_fp wolfSSL_X509_print_fp +#define X509_signature_print wolfSSL_X509_signature_print +#define X509_get0_signature wolfSSL_X509_get0_signature #define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string #define X509_verify_cert wolfSSL_X509_verify_cert +#define X509_verify wolfSSL_X509_verify +#define X509_REQ_verify wolfSSL_X509_REQ_verify #define X509_check_private_key wolfSSL_X509_check_private_key +#define X509_REQ_check_private_key wolfSSL_X509_check_private_key #define X509_check_ca wolfSSL_X509_check_ca #define X509_check_host wolfSSL_X509_check_host #define X509_check_ip_asc wolfSSL_X509_check_ip_asc @@ -421,6 +461,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_check_issued wolfSSL_X509_check_issued #define X509_dup wolfSSL_X509_dup #define X509_add_ext wolfSSL_X509_add_ext +#define X509_delete_ext wolfSSL_X509_delete_ext #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data @@ -452,6 +493,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define sk_X509_INFO_pop wolfSSL_sk_X509_INFO_pop #define sk_X509_INFO_pop_free wolfSSL_sk_X509_INFO_pop_free #define sk_X509_INFO_free wolfSSL_sk_X509_INFO_free +#define sk_X509_INFO_shift wolfSSL_sk_X509_INFO_pop #define i2d_X509_NAME wolfSSL_i2d_X509_NAME #define d2i_X509_NAME wolfSSL_d2i_X509_NAME 
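Review bot: `sk_X509_INFO_shift` is defined as `wolfSSL_sk_X509_INFO_pop` in the last hunk on this line, but in the OpenSSL API shift removes the first element and pop the last. A loop that drains a stack with shift to preserve input order may therefore see the entries in the opposite order. If the wolfSSL stack only ever removes from one end, say so next to the define, e.g. `/* wolfSSL stacks remove from one end only; shift and pop are the same operation */`; otherwise a dedicated shift is needed. The first hunk on this line also routes `X509_REQ_print`, `X509_REQ_set_version` and `X509_REQ_check_private_key` to the certificate functions, which is correct only if those functions handle a request object; that is not visible here.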
@@ -468,9 +510,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_NAME_add_entry wolfSSL_X509_NAME_add_entry #define X509_NAME_add_entry_by_txt wolfSSL_X509_NAME_add_entry_by_txt #define X509_NAME_add_entry_by_NID wolfSSL_X509_NAME_add_entry_by_NID +#define X509_NAME_delete_entry wolfSSL_X509_NAME_delete_entry #define X509_NAME_oneline wolfSSL_X509_NAME_oneline #define X509_NAME_get_index_by_NID wolfSSL_X509_NAME_get_index_by_NID #define X509_NAME_print_ex wolfSSL_X509_NAME_print_ex +#define X509_NAME_print_ex_fp wolfSSL_X509_NAME_print_ex_fp #define X509_NAME_digest wolfSSL_X509_NAME_digest #define X509_cmp_current_time wolfSSL_X509_cmp_current_time #define X509_cmp_time wolfSSL_X509_cmp_time @@ -511,6 +555,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_STORE_CTX_free wolfSSL_X509_STORE_CTX_free #define X509_STORE_CTX_get_chain wolfSSL_X509_STORE_CTX_get_chain #define X509_STORE_CTX_get1_chain wolfSSL_X509_STORE_CTX_get1_chain +#define X509_STORE_CTX_get0_parent_ctx wolfSSL_X509_STORE_CTX_get0_parent_ctx #define X509_STORE_CTX_get_error wolfSSL_X509_STORE_CTX_get_error #define X509_STORE_CTX_get_error_depth wolfSSL_X509_STORE_CTX_get_error_depth #define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init @@ -563,6 +608,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED #define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY +#define X509_REQ_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY #define X509_get0_tbs_sigalg wolfSSL_X509_get0_tbs_sigalg #define X509_PUBKEY_get0_param wolfSSL_X509_PUBKEY_get0_param #define X509_PUBKEY_get wolfSSL_X509_PUBKEY_get 
@@ -610,6 +656,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size #define BIO_f_ssl wolfSSL_BIO_f_ssl #define BIO_new_socket wolfSSL_BIO_new_socket +#ifndef NO_WOLFSSL_STUB +#define BIO_new_connect wolfSSL_BIO_new_connect +#define BIO_set_conn_port wolfSSL_BIO_set_conn_port +#define BIO_do_connect wolfSSL_BIO_do_connect +#endif #define SSL_set_bio wolfSSL_set_bio #define BIO_set_ssl wolfSSL_BIO_set_ssl #define BIO_eof wolfSSL_BIO_eof @@ -652,15 +703,22 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define sk_ASN1_OBJECT_free wolfSSL_sk_ASN1_OBJECT_free +#define ASN1_TIME_new wolfSSL_ASN1_TIME_new +#define ASN1_UTCTIME_new wolfSSL_ASN1_TIME_new #define ASN1_TIME_free wolfSSL_ASN1_TIME_free +#define ASN1_UTCTIME_free wolfSSL_ASN1_TIME_free #define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj #define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime +#define ASN1_TIME_set wolfSSL_ASN1_TIME_set +#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string +#define ASN1_TIME_to_string wolfSSL_ASN1_TIME_to_string #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print #define ASN1_GENERALIZEDTIME_free wolfSSL_ASN1_GENERALIZEDTIME_free #define ASN1_tag2str wolfSSL_ASN1_tag2str +#define a2i_ASN1_INTEGER wolfSSL_a2i_ASN1_INTEGER #define i2a_ASN1_INTEGER wolfSSL_i2a_ASN1_INTEGER #define i2c_ASN1_INTEGER wolfSSL_i2c_ASN1_INTEGER #define ASN1_INTEGER_new wolfSSL_ASN1_INTEGER_new 
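Review bot: `BIO_new_connect`, `BIO_set_conn_port` and `BIO_do_connect` are placed under `#ifndef NO_WOLFSSL_STUB` in the first hunk, yet they alias named wolfSSL functions rather than expanding to a constant like the other guarded macros in this commit. If these are real implementations, a build with `NO_WOLFSSL_STUB` loses the OpenSSL names for no reason. If they are stubs, the header should say that no connection is made, since a caller that trusts a success return would proceed without a transport. Either drop the guard or add a comment such as `/* stub: does not open a connection */` that matches the actual behaviour; the definitions are not part of this hunk.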
@@ -673,13 +731,22 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define i2a_ASN1_OBJECT wolfSSL_i2a_ASN1_OBJECT #define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT +#define ASN1_STRING_new wolfSSL_ASN1_STRING_new +#define ASN1_STRING_free wolfSSL_ASN1_STRING_free +#define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp #define ASN1_STRING_data wolfSSL_ASN1_STRING_data #define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_data #define ASN1_STRING_length wolfSSL_ASN1_STRING_length #define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8 +#define ASN1_UNIVERSALSTRING_to_string wolfSSL_ASN1_UNIVERSALSTRING_to_string #define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex #define ASN1_STRING_print(x, y) wolfSSL_ASN1_STRING_print ((WOLFSSL_BIO*)(x), (WOLFSSL_ASN1_STRING*)(y)) #define d2i_DISPLAYTEXT wolfSSL_d2i_DISPLAYTEXT +#ifndef NO_WOLFSSL_STUB +#define ASN1_STRING_set_default_mask_asc(...) 1 +#endif + +#define ASN1_PRINTABLE_type(...) V_ASN1_PRINTABLESTRING #define ASN1_UTCTIME_pr wolfSSL_ASN1_UTCTIME_pr @@ -800,6 +867,13 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define PEMerr(func, reason) WOLFSSL_ERROR_LINE((reason), \ NULL, __LINE__, __FILE__, NULL) #endif +#ifndef WOLFCRYPT_ONLY +#define EVPerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_EVP, \ + (func), (reason), __FILE__, __LINE__) +#else +#define EVPerr(func, reason) WOLFSSL_ERROR_LINE((reason), \ + NULL, __LINE__, __FILE__, NULL) +#endif #define SSLv23_server_method wolfSSLv23_server_method #define SSL_CTX_set_options wolfSSL_CTX_set_options @@ -897,6 +971,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define sk_X509_NAME_find wolfSSL_sk_X509_NAME_find +#define DHparams_dup wolfSSL_DH_dup #define PEM_read_bio_DHparams wolfSSL_PEM_read_bio_DHparams #define PEM_read_bio_DSAparams wolfSSL_PEM_read_bio_DSAparams 
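Review bot: `ASN1_STRING_set_default_mask_asc(...)` expands to `1`, so it reports success without setting any mask. `ASN1_PRINTABLE_type(...)` always yields `V_ASN1_PRINTABLESTRING` whatever bytes are passed in, and it sits outside the `NO_WOLFSSL_STUB` guard. A caller relying on either result can label a string as PrintableString when it contains characters outside that set, and the variadic form means the arguments are never evaluated or type-checked. Mark both as stubs with a comment, e.g. `/* stub: mask is ignored, always reports success */`, and move `ASN1_PRINTABLE_type` inside the guard. The same pattern appears with empty expansions in `OBJ_create_objects(...)` (ssl.h) and `X509V3_set_nconf(...)` (x509v3.h), which either do nothing or fail to compile when the caller tests the result.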
@@ -924,8 +999,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ERR_LIB_SSL 20 #define SSL_R_SHORT_READ 10 #define ERR_R_PEM_LIB 9 -#define V_ASN1_IA5STRING 22 -#define V_ASN1_UTF8STRING 12 #define SSL_CTRL_MODE 33 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 @@ -1091,6 +1164,12 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #endif /* HAVE_STUNNEL || WOLFSSL_NGINX */ + +#ifndef NO_WOLFSSL_STUB +#define b2i_PrivateKey_bio(...) NULL +#define b2i_PVK_bio(...) NULL +#endif + #define SSL_CTX_get_default_passwd_cb wolfSSL_CTX_get_default_passwd_cb #define SSL_CTX_get_default_passwd_cb_userdata wolfSSL_CTX_get_default_passwd_cb_userdata @@ -1128,6 +1207,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #include #define OPENSSL_STRING WOLFSSL_STRING +#define OPENSSL_CSTRING WOLFSSL_STRING #define TLSEXT_TYPE_application_layer_protocol_negotiation 16 @@ -1164,6 +1244,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define OPENSSL_config wolfSSL_OPENSSL_config #define OPENSSL_memdup wolfSSL_OPENSSL_memdup +#define OPENSSL_cleanse wolfSSL_OPENSSL_cleanse #define SSL_CTX_get_timeout wolfSSL_SSL_CTX_get_timeout #define SSL_CTX_set_tmp_ecdh wolfSSL_SSL_CTX_set_tmp_ecdh #define SSL_CTX_remove_session wolfSSL_SSL_CTX_remove_session 
@@ -1176,7 +1257,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_set_tlsext_ticket_key_cb wolfSSL_CTX_set_tlsext_ticket_key_cb #define SSL_CTX_set_tlsext_status_cb wolfSSL_CTX_set_tlsext_status_cb #define SSL_CTX_get_extra_chain_certs wolfSSL_CTX_get_extra_chain_certs +#define sk_OPENSSL_STRING_num wolfSSL_sk_WOLFSSL_STRING_num #define sk_OPENSSL_STRING_value wolfSSL_sk_WOLFSSL_STRING_value +#define sk_OPENSSL_PSTRING_num wolfSSL_sk_WOLFSSL_STRING_num +#define sk_OPENSSL_PSTRING_value (WOLFSSL_STRING*)wolfSSL_sk_WOLFSSL_STRING_value +#define sk_OPENSSL_STRING_free wolfSSL_sk_free #define SSL_get0_alpn_selected wolfSSL_get0_alpn_selected #define SSL_select_next_proto wolfSSL_select_next_proto #define SSL_CTX_set_alpn_select_cb wolfSSL_CTX_set_alpn_select_cb @@ -1198,8 +1283,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA #define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password #define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username +#define SSL_CTX_set_srp_strength wolfSSL_CTX_set_srp_strength #define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX #define SSL_get0_param wolfSSL_get0_param +#define SSL_get_srp_username wolfSSL_get_srp_username #define ERR_NUM_ERRORS 16 #define SN_pkcs9_emailAddress "Email" @@ -1231,6 +1318,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define OpenSSL_version(x) wolfSSL_OpenSSL_version() +#ifndef NO_WOLFSSL_STUB +#define OBJ_create_objects(...) +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/openssl/stack.h b/source/libs/libwolfssl/openssl/stack.h index baf38a87..559a7967 100644 --- a/source/libs/libwolfssl/openssl/stack.h +++ b/source/libs/libwolfssl/openssl/stack.h 
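Review bot: `sk_OPENSSL_PSTRING_value` is defined as `(WOLFSSL_STRING*)wolfSSL_sk_WOLFSSL_STRING_value`, which casts the result of the accessor that also backs `sk_OPENSSL_STRING_value` to a pointer-to-string type. If that accessor returns the string itself, as the other alias suggests, a caller that dereferences the PSTRING result will interpret the string's bytes as a pointer. The cast is also unparenthesised and only works when the macro name is immediately followed by a call. Once the stored element type is confirmed, prefer a function-like form: `#define sk_OPENSSL_PSTRING_value(sk, i) ((WOLFSSL_STRING*)wolfSSL_sk_WOLFSSL_STRING_value((sk), (i)))`. The accessor's declaration is not in this hunk.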
@@ -28,15 +28,12 @@ extern "C" { #endif -#include - typedef void (*wolfSSL_sk_freefunc)(void *); WOLFSSL_API void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, wolfSSL_sk_freefunc); WOLFSSL_API void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK *); WOLFSSL_API int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK *sk, void *data); WOLFSSL_API void wolfSSL_sk_pop_free(WOLFSSL_STACK *st, void (*func) (void *)); -WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk); WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_new_null(void); WOLFSSL_API int wolfSSL_sk_CIPHER_push(WOLFSSL_STACK *st,WOLFSSL_CIPHER *cipher); diff --git a/source/libs/libwolfssl/openssl/x509.h b/source/libs/libwolfssl/openssl/x509.h index 2f8efa2f..5b151453 100644 --- a/source/libs/libwolfssl/openssl/x509.h +++ b/source/libs/libwolfssl/openssl/x509.h @@ -5,6 +5,7 @@ #include #include #include +#include /* wolfSSL_X509_print_ex flags */ #define X509_FLAG_COMPAT (0UL) @@ -23,4 +24,21 @@ #define X509_FLAG_NO_IDS (1UL << 12) #define XN_FLAG_FN_SN 0 -#define XN_FLAG_SEP_CPLUS_SPC 2 +#define XN_FLAG_ONELINE 0 +#define XN_FLAG_COMPAT 0 +#define XN_FLAG_RFC2253 1 +#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) +#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) +#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) +#define XN_FLAG_SEP_MULTILINE (4 << 16) +#define XN_FLAG_SEP_MASK (0xF << 16) +#define XN_FLAG_DN_REV (1 << 20) +#define XN_FLAG_FN_LN (1 << 21) +#define XN_FLAG_FN_OID (2 << 21) +#define XN_FLAG_FN_NONE (3 << 21) +#define XN_FLAG_FN_MASK (3 << 21) +#define XN_FLAG_SPC_EQ (1 << 23) +#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) +#define XN_FLAG_FN_ALIGN (1 << 25) + +#define XN_FLAG_MULTILINE 0xFFFF diff --git a/source/libs/libwolfssl/openssl/x509v3.h b/source/libs/libwolfssl/openssl/x509v3.h index 853d3899..b7412651 100644 --- a/source/libs/libwolfssl/openssl/x509v3.h +++ b/source/libs/libwolfssl/openssl/x509v3.h 
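Review bot: In the x509.h hunk `XN_FLAG_MULTILINE` is `0xFFFF`, which has no bits inside `XN_FLAG_SEP_MASK` or `XN_FLAG_FN_MASK`, and `XN_FLAG_ONELINE`, `XN_FLAG_COMPAT` and `XN_FLAG_FN_SN` are all 0. A printer that masks the flags therefore cannot tell these modes apart or recover a separator for the multiline form. How the name-printing code interprets them is not visible here, so at minimum add a comment that these are placeholders rather than the composite OpenSSL values. The new shifts are also plain `int`, while the neighbouring `X509_FLAG_*` values use `1UL`; write them the same way, e.g. `#define XN_FLAG_SEP_MASK (0xFUL << 16)`.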
@@ -83,6 +83,8 @@ struct WOLFSSL_X509_EXTENSION { #define X509V3_CTX WOLFSSL_X509V3_CTX +#define CTX_TEST 0x1 + typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID; typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS; typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION; @@ -99,6 +101,8 @@ WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method, const WOLFSSL_ASN1_STRING *s); WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent); +WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx, + const char *section, WOLFSSL_X509 *cert); #define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free #define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free @@ -107,11 +111,20 @@ WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, #define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING #define X509V3_EXT_get wolfSSL_X509V3_EXT_get #define X509V3_EXT_d2i wolfSSL_X509V3_EXT_d2i +#define X509V3_EXT_add_nconf wolfSSL_X509V3_EXT_add_nconf +#ifndef NO_WOLFSSL_STUB +#define X509V3_parse_list(...) NULL +#endif #define i2s_ASN1_OCTET_STRING wolfSSL_i2s_ASN1_STRING #define X509V3_EXT_print wolfSSL_X509V3_EXT_print -#define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid -#define X509V3_set_ctx wolfSSL_X509V3_set_ctx -#define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb +#define X509V3_EXT_conf_nid wolfSSL_X509V3_EXT_conf_nid +#define X509V3_set_ctx wolfSSL_X509V3_set_ctx +#ifndef NO_WOLFSSL_STUB +#define X509V3_set_nconf(...) +#endif +#define X509V3_set_ctx_test(ctx) wolfSSL_X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) +#define X509V3_set_ctx_nodb wolfSSL_X509V3_set_ctx_nodb +#define X509v3_get_ext_count wolfSSL_sk_num #ifdef __cplusplus } diff --git a/source/libs/libwolfssl/sniffer_error.h b/source/libs/libwolfssl/sniffer_error.h index 882aaeae..f2710522 100644 --- a/source/libs/libwolfssl/sniffer_error.h 
+++ b/source/libs/libwolfssl/sniffer_error.h @@ -109,7 +109,6 @@ #define GOT_CERT_STATUS_STR 73 #define RSA_KEY_MISSING_STR 74 #define NO_SECURE_RENEGOTIATION 75 - #define BAD_SESSION_STATS 76 #define REASSEMBLY_MAX_STR 77 #define DROPPING_LOST_FRAG_STR 78 @@ -131,6 +130,7 @@ #define STORE_DATA_FAIL_STR 92 #define CHAIN_INPUT_STR 93 #define GOT_ENC_EXT_STR 94 +#define GOT_HELLO_RETRY_REQ_STR 95 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ diff --git a/source/libs/libwolfssl/ssl.h b/source/libs/libwolfssl/ssl.h index 5a8105bd..4fc731a8 100644 --- a/source/libs/libwolfssl/ssl.h +++ b/source/libs/libwolfssl/ssl.h @@ -40,6 +40,10 @@ #include #endif + #ifdef WOLF_CRYPTO_CB + #include +#endif + /* used internally by wolfSSL while OpenSSL types aren't */ #include @@ -98,6 +102,19 @@ extern "C" { #endif +/* LHASH is implemented as a stack */ +typedef struct WOLFSSL_STACK WOLFSSL_LHASH; +#ifndef WOLF_LHASH_OF + #define WOLF_LHASH_OF(x) WOLFSSL_LHASH +#endif + +#ifndef WOLF_STACK_OF + #define WOLF_STACK_OF(x) WOLFSSL_STACK +#endif +#ifndef DECLARE_STACK_OF + #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x); +#endif + #ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED #define WOLFSSL_WOLFSSL_TYPE_DEFINED typedef struct WOLFSSL WOLFSSL; @@ -171,7 +188,6 @@ typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM; typedef struct WOLFSSL_BIO WOLFSSL_BIO; typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD; typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; -typedef struct WOLFSSL_CONF_VALUE WOLFSSL_CONF_VALUE; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME; typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX; 
@@ -185,6 +201,7 @@ typedef struct WOLFSSL_DH WOLFSSL_DH; #endif typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; typedef struct WOLFSSL_ASN1_TYPE WOLFSSL_ASN1_TYPE; +typedef struct WOLFSSL_X509_ATTRIBUTE WOLFSSL_X509_ATTRIBUTE; typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME; typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID; @@ -314,6 +331,12 @@ struct WOLFSSL_ASN1_TYPE { } value; }; +struct WOLFSSL_X509_ATTRIBUTE { + WOLFSSL_ASN1_OBJECT *object; + WOLFSSL_ASN1_TYPE *value; + WOLF_STACK_OF(WOLFSSL_ASN1_TYPE) *set; +}; + struct WOLFSSL_EVP_PKEY { void* heap; int type; /* openssh dereference */ @@ -468,6 +491,8 @@ struct WOLFSSL_BIO { void* heap; /* user heap hint */ void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */ void* usrCtx; /* user set pointer */ + const char* ip; /* IP address for wolfIO_TcpConnect */ + word16 port; /* Port for wolfIO_TcpConnect */ char* infoArg; /* BIO callback argument */ wolf_bio_info_cb infoCb; /* BIO callback */ int wrSz; /* write buffer size (mem) */ @@ -523,11 +548,16 @@ struct WOLFSSL_X509_STORE { }; #define WOLFSSL_NO_WILDCARDS 0x4 + +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_WPAS_SMALL) || defined(WOLFSSL_IP_ALT_NAME) + #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */ +#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #define WOLFSSL_USE_CHECK_TIME 0x2 #define WOLFSSL_NO_CHECK_TIME 0x200000 #define WOLFSSL_HOST_NAME_MAX 256 -#define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */ struct WOLFSSL_X509_VERIFY_PARAM { time_t check_time; unsigned long flags; 
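Review bot: The `ip` member added to `struct WOLFSSL_BIO` is a bare `const char*` with no statement of who owns the string. If the connect-BIO constructor stores the caller's pointer rather than a copy, the BIO holds a dangling pointer once the caller's buffer goes away, and a later connect would read freed memory. Extend the field comment to pin this down, e.g. `const char* ip; /* host for wolfIO_TcpConnect; owned by the BIO, freed with it */`, adjusted to what the implementation actually does. That code is not in this diff section.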
@@ -789,8 +819,15 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, #ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS #define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE #endif + +WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl); +WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx); +WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); #endif /* !NO_CERTS */ +#define WOLFSSL_CIPHER_SUITE_FLAG_NONE 0x0 +#define WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS 0x1 + #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*, @@ -806,9 +843,6 @@ WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *, const char *file, int format); WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int); -WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl); -WOLFSSL_API long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx); -WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int); WOLFSSL_ABI WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, @@ -853,6 +887,8 @@ WOLFSSL_API const char* wolfSSL_get_cipher_name_from_suite(const unsigned char, const unsigned char); WOLFSSL_API const char* wolfSSL_get_cipher_name_iana_from_suite( const unsigned char, const unsigned char); +WOLFSSL_API int wolfSSL_get_cipher_suite_from_name(const char* name, + byte* cipherSuite0, byte* cipherSuite, int* flags); WOLFSSL_API const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len); WOLFSSL_API const char* wolfSSL_get_curve_name(WOLFSSL* ssl); 
@@ -974,6 +1010,14 @@ WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx, WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback); WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long); + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) +WOLFSSL_API int wolfSSL_verify_client_post_handshake(WOLFSSL*); +WOLFSSL_API int wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX*, int); +WOLFSSL_API int wolfSSL_set_post_handshake_auth(WOLFSSL*, int); +#endif + WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*); WOLFSSL_ABI WOLFSSL_API int wolfSSL_pending(WOLFSSL*); @@ -1070,20 +1114,6 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long); /* extras */ - -/* for now LHASH is not implemented */ -typedef int WOLFSSL_LHASH; -#ifndef WOLF_LHASH_OF - #define WOLF_LHASH_OF(x) WOLFSSL_LHASH -#endif - -#ifndef WOLF_STACK_OF - #define WOLF_STACK_OF(x) WOLFSSL_STACK -#endif -#ifndef DECLARE_STACK_OF - #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x); -#endif - WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap); WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in); @@ -1148,6 +1178,7 @@ WOLFSSL_API void wolfSSL_sk_ASN1_OBJECT_pop_free( WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, void (*f)(WOLFSSL_ASN1_OBJECT*)); WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in); +WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s); WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value( WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx); 
@@ -1263,11 +1294,16 @@ WOLFSSL_API void wolfSSL_set_bio(WOLFSSL*, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); #ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_file(void); +WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag); #endif WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); +WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str); +WOLFSSL_API long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port); +WOLFSSL_API long wolfSSL_BIO_do_connect(WOLFSSL_BIO *b); + WOLFSSL_API long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, void *parg); WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg); @@ -1329,6 +1365,13 @@ WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset #endif WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, unsigned long nmflags, unsigned long cflag); +#ifndef NO_FILESYSTEM +WOLFSSL_API int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509); +#endif +WOLFSSL_API int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, + const WOLFSSL_X509_ALGOR *sigalg, const WOLFSSL_ASN1_STRING *sig); +WOLFSSL_API void wolfSSL_X509_get0_signature(const WOLFSSL_ASN1_BIT_STRING **psig, + const WOLFSSL_X509_ALGOR **palg, const WOLFSSL_X509 *x509); WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int); @@ -1353,6 +1396,9 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID( WOLFSSL_X509*, unsigned char*, int*); WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey); +#ifdef WOLFSSL_CERT_REQ +WOLFSSL_API int wolfSSL_X509_REQ_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey); +#endif WOLFSSL_API int wolfSSL_X509_set_subject_name(WOLFSSL_X509*, WOLFSSL_X509_NAME*); WOLFSSL_API int wolfSSL_X509_set_issuer_name(WOLFSSL_X509*, 
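Review bot: `wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, char* port)` in the `@@ -1263,11 +1294,16 @@` hunk takes the port as a mutable `char*` although a setter has no reason to write through it; `const char* port` would also accept string literals without a cast. The same diff adds a `word16 port` field to `struct WOLFSSL_BIO`, so the string is presumably converted to 16 bits. The prototype should say what is returned for a non-numeric or out-of-range value so callers can check it before `wolfSSL_BIO_do_connect`. Suggested: `WOLFSSL_API long wolfSSL_BIO_set_conn_port(WOLFSSL_BIO *b, const char* port);` with a one-line comment giving the accepted range and the failure return.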
@@ -1369,6 +1415,7 @@ WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v); WOLFSSL_API int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_MD* md); +WOLFSSL_API int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx); WOLFSSL_API int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME*); @@ -1383,6 +1430,7 @@ WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* as WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type); WOLFSSL_API int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len); +WOLFSSL_API int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLFSSL_ASN1_STRING *b); WOLFSSL_API void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1); WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data, int dataSz); @@ -1412,6 +1460,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain( WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain( WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API WOLFSSL_X509_STORE_CTX *wolfSSL_X509_STORE_CTX_get0_parent_ctx( + WOLFSSL_X509_STORE_CTX *ctx); WOLFSSL_API int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag); WOLFSSL_API int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE*); 
@@ -1425,7 +1475,7 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*); -WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj); +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*); @@ -1580,6 +1630,9 @@ WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg( WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*); WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*); WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*); +WOLFSSL_API int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength); + +WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl); WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op); WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s); @@ -1730,7 +1783,6 @@ enum { * and auto retry */ SSL_MODE_RELEASE_BUFFERS = -1, /* For libwebsockets build. No current use. */ - BIO_FLAGS_BASE64_NO_NL = 1, BIO_CLOSE = 1, BIO_NOCLOSE = 0, @@ -1788,12 +1840,6 @@ enum { X509_R_CERT_ALREADY_IN_HASH_TABLE, - XN_FLAG_SPC_EQ = (1 << 23), - XN_FLAG_SEP_CPLUS_SPC = (2 << 16), - XN_FLAG_ONELINE = 0, - XN_FLAG_RFC2253 = 1, - XN_FLAG_DN_REV = (1 << 20), - CRYPTO_LOCK = 1, CRYPTO_NUM_LOCKS = 10, @@ -2014,7 +2060,7 @@ WOLFSSL_API long wolfSSL_CTX_set_options(WOLFSSL_CTX*, long); WOLFSSL_API long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx); WOLFSSL_API long wolfSSL_CTX_clear_options(WOLFSSL_CTX*, long); -#if !defined(NO_FILESYSTEM) && !defined(NO_CHECK_PRIVATE_KEY) +#if !defined(NO_CHECK_PRIVATE_KEY) WOLFSSL_API int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX*); #endif WOLFSSL_API void wolfSSL_ERR_free_strings(void); 
@@ -2061,13 +2107,14 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int *pday, int *psec, const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to); #ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); +WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str); #endif -WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk); -WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i); +WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk); +WOLFSSL_API void* wolfSSL_sk_value(const WOLFSSL_STACK* sk, int i); #if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \ - (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)) WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx); WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, @@ -2164,6 +2211,10 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, int len); WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); +#ifdef WOLFSSL_CERT_REQ +WOLFSSL_API WOLFSSL_X509* + wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); +#endif WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, const unsigned char *in, int len); @@ -2182,6 +2233,10 @@ WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( const unsigned char* buf, int sz, int format); +#ifdef WOLFSSL_CERT_REQ +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_load_certificate_buffer( + const unsigned char* buf, int sz, int format); +#endif #ifdef WOLFSSL_SEP WOLFSSL_API unsigned char* 
@@ -2209,6 +2264,8 @@ WOLFSSL_API WOLFSSL_X509_PKCS12* wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_API int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca); +WOLFSSL_API int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw, + int pswLen); WOLFSSL_API WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert, WOLF_STACK_OF(WOLFSSL_X509)* ca, @@ -2310,7 +2367,13 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX*, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX*, - const unsigned char*, long, int, long); + const unsigned char*, long, + int, long); + WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX*, + const unsigned char*, long, + int); + WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX*, const char*, + int); WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX*, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX*, @@ -2324,7 +2387,10 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, WOLFSSL_API int wolfSSL_use_PrivateKey_buffer(WOLFSSL*, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_use_PrivateKey_id(WOLFSSL*, const unsigned char*, - long, int, long); + long, int, long); + WOLFSSL_API int wolfSSL_use_PrivateKey_Id(WOLFSSL*, const unsigned char*, + long, int); + WOLFSSL_API int wolfSSL_use_PrivateKey_Label(WOLFSSL*, const char*, int); WOLFSSL_API int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL*, const unsigned char*, long, int); WOLFSSL_API int wolfSSL_use_certificate_chain_buffer(WOLFSSL*, 
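Review bot: The hunks `@@ -2310,7 +2367,13 @@` and `@@ -2324,7 +2387,10 @@` add `wolfSSL_CTX_use_PrivateKey_Id` and `wolfSSL_use_PrivateKey_Id` next to the existing `..._id` functions, so two public functions now differ only in the case of one letter and in a trailing `long` argument. A typo selects the other function; the argument count catches that in plain C, but not in language bindings or where a caller casts a function pointer. A comment on each pair should state what the extra `long` of the `_id` variant carries and which of the two new code should call. A more distinct name would be better still if the API is not yet frozen.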
@@ -2392,7 +2458,7 @@ WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void); WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void); WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int); WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*); -WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_GetVersion(const WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); /* moved to asn.c, old names kept for backwards compatibility */ @@ -2722,6 +2788,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap); WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void); WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*); + WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER*); WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER*, const char* f, const char* d); @@ -2772,6 +2839,10 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling( WOLFSSL_CERT_MANAGER* cm); + WOLFSSL_API int wolfSSL_CertManagerEnableOCSPMustStaple( + WOLFSSL_CERT_MANAGER* cm); + WOLFSSL_API int wolfSSL_CertManagerDisableOCSPMustStaple( + WOLFSSL_CERT_MANAGER* cm); #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm); #endif @@ -2808,6 +2879,8 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm) CbOCSPIO, CbOCSPRespFree, void*); WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX*); + WOLFSSL_API int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX*); #endif /* !NO_CERTS */ 
@@ -2923,7 +2996,7 @@ enum { WOLFSSL_MAX_ALPN_NUMBER = 257 }; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) typedef int (*CallbackALPNSelect)(WOLFSSL* ssl, const unsigned char** out, unsigned char* outLen, const unsigned char* in, unsigned int inLen, void *arg); @@ -3233,7 +3306,7 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, #include struct WOLFSSL_X509_NAME_ENTRY { - WOLFSSL_ASN1_OBJECT object; /* static object just for keeping grp, type */ + WOLFSSL_ASN1_OBJECT* object; /* static object just for keeping grp, type */ WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */ int nid; /* i.e. ASN_COMMON_NAME */ int set; @@ -3290,7 +3363,6 @@ WOLFSSL_LOCAL int NIDToEccEnum(int n); /* end of object functions */ WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); -WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); WOLFSSL_API long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void)); WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx); @@ -3310,6 +3382,8 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid, int type, const unsigned char *bytes, int len, int loc, int set); +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry( + WOLFSSL_X509_NAME *name, int loc); WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, const WOLFSSL_X509_NAME* y); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void); 
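Review bot: In the `struct WOLFSSL_X509_NAME_ENTRY` hunk (`@@ -3233,7 +3306,7 @@`), `object` changes from an embedded `WOLFSSL_ASN1_OBJECT` to a pointer but keeps the comment `/* static object just for keeping grp, type */`, which no longer describes the field. With a pointer, a zero-initialised entry has `object == NULL`, and copying the struct by assignment or `XMEMCPY` now shares the pointee, so whoever frees it must be unambiguous; neither the allocation nor the free is visible in this hunk. I would change the comment to state ownership, for example `WOLFSSL_ASN1_OBJECT* object; /* owned by the entry; may be NULL until set */`, once that is confirmed against the implementation. The struct continues outside the hunk.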
@@ -3320,6 +3394,11 @@ WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); #endif /* !NO_CERTS */ #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) +WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); +#endif + #ifdef WOLFSSL_WPAS_SMALL /* WPA Supplicant requires GEN_ values */ #include @@ -3337,6 +3416,7 @@ WOLFSSL_API int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int WOLFSSL_API int wolfSSL_X509_add_ext(WOLFSSL_X509 *x, WOLFSSL_X509_EXTENSION *ex, int loc); WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509V3_EXT_i2d(int nid, int crit, void *data); +WOLFSSL_API WOLFSSL_X509_EXTENSION *wolfSSL_X509_delete_ext(WOLFSSL_X509 *x509, int loc); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid( WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid, char* value); @@ -3360,7 +3440,11 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx, #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) WOLFSSL_API int wolfSSL_X509_cmp(const WOLFSSL_X509* a, const WOLFSSL_X509* b); +WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_get0_extensions(const WOLFSSL_X509 *x); +WOLFSSL_API const WOLFSSL_STACK *wolfSSL_X509_REQ_get_extensions(const WOLFSSL_X509 *x); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x, int loc); +WOLFSSL_API int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, + const WOLFSSL_ASN1_OBJECT *obj, int lastpos); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x, int loc); WOLFSSL_API int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void); 
@@ -3382,6 +3466,9 @@ WOLFSSL_API int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses, WOLFSSL_API int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses); WOLFSSL_API int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +#ifdef WOLFSSL_CERT_REQ +WOLFSSL_API int wolfSSL_i2d_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); +#endif #if !defined(NO_FILESYSTEM) WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509** x509); @@ -3389,6 +3476,10 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); +#ifdef WOLFSSL_CERT_REQ +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio, + WOLFSSL_X509** x509); +#endif #endif /* OPENSSL_EXTRA || OPENSSL_ALL */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) @@ -3412,6 +3503,9 @@ WOLFSSL_API int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX*, int); WOLFSSL_API int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +#ifdef WOLFSSL_CERT_REQ +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +#endif WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp, WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX @@ -3491,6 +3585,7 @@ WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int c); || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) +#define X509_BUFFER_SZ 8192 WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_file(const char *filename, const char *mode); WOLFSSL_API long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX*, WOLFSSL_DH*); 
@@ -3510,12 +3605,31 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_new(void); WOLFSSL_API void wolfSSL_X509_REQ_free(WOLFSSL_X509* req); WOLFSSL_API int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md); +WOLFSSL_API int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req, + WOLFSSL_EVP_MD_CTX* md_ctx); WOLFSSL_API int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req, - WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext); + WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext_sk); WOLFSSL_API int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req, WOLFSSL_X509_NAME *name); WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, + int nid, int type, + const unsigned char *bytes, + int len); +WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, + int nid, int lastpos); +WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_txt(WOLFSSL_X509 *req, + const char *attrname, int type, + const unsigned char *bytes, int len); +WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr( + const WOLFSSL_X509 *req, int loc); +WOLFSSL_API WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void); +WOLFSSL_API void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr); +WOLFSSL_API WOLFSSL_ASN1_TYPE *wolfSSL_X509_ATTRIBUTE_get0_type( + WOLFSSL_X509_ATTRIBUTE *attr, int idx); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x, + WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md); #endif @@ -3524,9 +3638,6 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, #include -/* SNI received callback type */ -typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg); - WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); 
@@ -3578,8 +3689,9 @@ WOLFSSL_API void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)* void (*f) (WOLFSSL_X509_INFO*)); WOLFSSL_API void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)*); -typedef int (*wolf_sk_compare_cb)(const void* const *a, - const void* const *b); +typedef int (*wolf_sk_compare_cb)(const void* a, + const void* b); +typedef unsigned long (*wolf_sk_hash_cb) (const void *v); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new( wolf_sk_compare_cb); WOLFSSL_API int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)*, @@ -3599,6 +3711,18 @@ WOLFSSL_API int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJE WOLFSSL_API int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO*,WOLFSSL_X509_NAME*,int, unsigned long); +#ifndef NO_FILESYSTEM +WOLFSSL_API int wolfSSL_X509_NAME_print_ex_fp(XFILE,WOLFSSL_X509_NAME*,int, + unsigned long); +#endif + +WOLFSSL_API WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc); +WOLFSSL_API void wolfSSL_sk_CONF_VALUE_free(struct WOLFSSL_STACK *sk); +WOLFSSL_API int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk); +WOLFSSL_API WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value( + const struct WOLFSSL_STACK *sk, int i); +WOLFSSL_API int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk, + WOLFSSL_CONF_VALUE* val); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) 
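Review bot: The `@@ -3578,8 +3689,9 @@` hunk changes `wolf_sk_compare_cb` from `(const void* const *a, const void* const *b)` to `(const void* a, const void* b)`, which removes one level of indirection from the declared arguments without any comment. A comparator written against the old typedef and passed through a cast still compiles, and would then dereference one level too many. `wolfSSL_sk_X509_NAME_new` and the new `wolfSSL_sk_CONF_VALUE_new` take this type in a public header, so the typedef should document the convention, for example `/* a and b are the stack elements themselves, not pointers to them */`. That wording has to be confirmed against the call site, which is not in this hunk.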
@@ -3657,12 +3781,22 @@ WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*); WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*); +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ + +#ifdef HAVE_SNI +/* SNI received callback type */ +typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg); + WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, CallbackSniRecv); WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, CallbackSniRecv); WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); +#endif + +#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \ + || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); @@ -3732,6 +3866,7 @@ WOLFSSL_API int wolfSSL_set_alpn_protos(WOLFSSL* ssl, const unsigned char* protos, unsigned int protos_len); WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int line); +WOLFSSL_API void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len); WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void); #endif @@ -3761,11 +3896,12 @@ WOLFSSL_LOCAL char* wolfSSL_get_ocsp_url(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); #endif -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) \ + || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API void *wolfSSL_X509_get_ex_data(WOLFSSL_X509 *x509, int idx); WOLFSSL_API int wolfSSL_X509_set_ex_data(WOLFSSL_X509 *x509, int idx, void *data); -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) 
@@ -3817,8 +3953,12 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 * WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject); -WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING)* wolfSSL_sk_WOLFSSL_STRING_new(void); +WOLFSSL_API void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk); +WOLFSSL_API WOLFSSL_STRING wolfSSL_sk_WOLFSSL_STRING_value( WOLF_STACK_OF(WOLFSSL_STRING)* strings, int idx); +WOLFSSL_API int wolfSSL_sk_WOLFSSL_STRING_num( + WOLF_STACK_OF(WOLFSSL_STRING)* strings); #endif /* HAVE_OCSP || OPENSSL_EXTRA || OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, @@ -3867,8 +4007,8 @@ WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API const unsigned char *SSL_SESSION_get0_id_context( const WOLFSSL_SESSION *sess, unsigned int *sid_ctx_length); -WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count); -WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count); +WOLFSSL_API size_t wolfSSL_get_finished(const WOLFSSL *ssl, void *buf, size_t count); +WOLFSSL_API size_t wolfSSL_get_peer_finished(const WOLFSSL *ssl, void *buf, size_t count); #endif WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len); 
@@ -3887,6 +4027,9 @@ WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, con WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key); WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key); WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); +WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, + const unsigned char **der, + long length); WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); @@ -3911,6 +4054,8 @@ WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t); WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, WOLFSSL_ASN1_TIME **out); WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); +WOLFSSL_API int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, + char *buf, int size); WOLFSSL_API int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE *store); WOLFSSL_API long wolfSSL_X509_get_version(const WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x); diff --git a/source/libs/libwolfssl/version.h b/source/libs/libwolfssl/version.h index fe258fcc..4ed51502 100644 --- a/source/libs/libwolfssl/version.h +++ b/source/libs/libwolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "4.5.0" -#define LIBWOLFSSL_VERSION_HEX 0x04005000 +#define LIBWOLFSSL_VERSION_STRING "4.6.0" +#define LIBWOLFSSL_VERSION_HEX 0x04006000 #ifdef __cplusplus } diff --git a/source/libs/libwolfssl/wolfcrypt/aes.h b/source/libs/libwolfssl/wolfcrypt/aes.h index ca1e2786..cff740c4 100644 --- a/source/libs/libwolfssl/wolfcrypt/aes.h 
+++ b/source/libs/libwolfssl/wolfcrypt/aes.h @@ -79,6 +79,11 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #endif +#ifdef WOLFSSL_SILABS_SE_ACCEL + #include +#endif + + #if defined(HAVE_AESGCM) && !defined(WC_NO_RNG) #include #endif @@ -143,7 +148,8 @@ enum { #endif #ifdef HAVE_PKCS11 - AES_MAX_ID_LEN = 32, + AES_MAX_ID_LEN = 32, + AES_MAX_LABEL_LEN = 32, #endif }; @@ -171,6 +177,12 @@ struct Aes { #ifdef GCM_TABLE /* key-based fast multiplication table. */ ALIGN16 byte M0[256][AES_BLOCK_SIZE]; +#elif defined(GCM_TABLE_4BIT) + #if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU) + ALIGN16 byte M0[16][AES_BLOCK_SIZE]; + #else + ALIGN16 byte M0[32][AES_BLOCK_SIZE]; + #endif #endif /* GCM_TABLE */ #ifdef HAVE_CAVIUM_OCTEON_SYNC word32 y0; @@ -186,6 +198,8 @@ struct Aes { #ifdef HAVE_PKCS11 byte id[AES_MAX_ID_LEN]; int idLen; + char label[AES_MAX_LABEL_LEN]; + int labelLen; #endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; @@ -231,6 +245,9 @@ struct Aes { #endif #if defined(WOLFSSL_IMXRT_DCP) dcp_handle_t handle; +#endif +#if defined(WOLFSSL_SILABS_SE_ACCEL) + silabs_aes_t ctx; #endif void* heap; /* memory hint to use */ }; @@ -431,6 +448,8 @@ WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId); #ifdef HAVE_PKCS11 WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, int devId); +WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, + int devId); #endif WOLFSSL_API void wc_AesFree(Aes* aes); diff --git a/source/libs/libwolfssl/wolfcrypt/asn.h b/source/libs/libwolfssl/wolfcrypt/asn.h index 883a5ee7..ea3e60ce 100644 --- a/source/libs/libwolfssl/wolfcrypt/asn.h +++ b/source/libs/libwolfssl/wolfcrypt/asn.h @@ -100,6 +100,7 @@ enum ASN_Tags { ASN_SEQUENCE = 0x10, ASN_SET = 0x11, ASN_PRINTABLE_STRING = 0x13, + ASN_IA5_STRING = 0x16, ASN_UTC_TIME = 0x17, ASN_OTHER_TYPE = 0x00, ASN_RFC822_TYPE = 0x01, 
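Review bot: `wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId)` in the `@@ -431,6 +448,8 @@` hunk takes the label without a length, while the `@@ -186,6 +198,8 @@` hunk stores it in `char label[AES_MAX_LABEL_LEN]` with a separate `labelLen`. The prototype should say what happens for a label of `AES_MAX_LABEL_LEN` bytes or more and whether the stored copy is NUL-terminated, because `wc_AesInit_Id` beside it takes an explicit `len` and this one relies on the terminator. A comment such as `/* label: NUL-terminated; fails if longer than AES_MAX_LABEL_LEN */` would pin the contract, provided the implementation (not visible here) matches it.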
@@ -142,6 +143,9 @@ enum DN_Tags { ASN_DOMAIN_COMPONENT = 0x19 /* DC */ }; +/* This is the size of the smallest possible PEM header and footer */ +extern const int pem_struct_min_sz; + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) typedef struct WOLFSSL_ObjectInfo { int nid; @@ -202,6 +206,7 @@ enum NID_sha256 = 672, NID_sha384 = 673, NID_sha512 = 674, + NID_pkcs9_challengePassword = 54, NID_hw_name_oid = 73, NID_id_pkix_OCSP_basic = 74, NID_any_policy = 75, @@ -228,6 +233,7 @@ enum NID_inhibit_any_policy = 168, /* 2.5.29.54 */ NID_tlsfeature = 1020, /* id-pe 24 */ NID_commonName = 0x03, /* matches ASN_COMMON_NAME in asn.h */ + NID_buildingName = 1494, NID_surname = 0x04, /* SN */ @@ -300,7 +306,7 @@ enum Misc_ASN { #endif RSA_INTS = 8, /* RSA ints in private key */ DSA_INTS = 5, /* DSA ints in private key */ - MIN_DATE_SIZE = 13, + MIN_DATE_SIZE = 12, MAX_DATE_SIZE = 32, ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ #ifndef NO_RSA @@ -382,6 +388,9 @@ enum Misc_ASN { MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ MAX_X509_VERSION = 3, /* Max X509 version allowed */ MIN_X509_VERSION = 0, /* Min X509 version allowed */ + WOLFSSL_X509_V1 = 0, + WOLFSSL_X509_V2 = 1, + WOLFSSL_X509_V3 = 2, #if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) @@ -422,6 +431,7 @@ enum Oid_Types { oidCertNameType = 17, oidTlsExtType = 18, oidCrlExtType = 19, + oidCsrAttrType = 20, oidIgnoreType }; @@ -588,6 +598,14 @@ enum KeyIdType { }; #endif +#ifdef WOLFSSL_CERT_REQ +enum CsrAttrType { + CHALLENGE_PASSWORD_OID = 659, + SERIAL_NUMBER_OID = 94, + EXTENSION_REQUEST_OID = 666, +}; +#endif + /* Key usage extension bits (based on RFC 5280) */ #define KEYUSE_DIGITAL_SIG 0x0080 #define KEYUSE_CONTENT_COMMIT 0x0040 
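Review bot: The `enum Misc_ASN` hunk (`@@ -300,7 +306,7 @@`) lowers `MIN_DATE_SIZE` from 13 to 12 with no comment on which date encoding is 12 bytes long. Going by its name, this constant is a lower bound for date fields read from certificates, so relaxing it widens what the parser accepts. Any reader that indexes a date at fixed offsets then has to be safe for a 12-byte value. I would record the reason next to the value, e.g. `MIN_DATE_SIZE = 12, /* shortest accepted date: <format> */`, and add a test with a date of exactly that length. The enum starts and ends outside the hunk.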
@@ -660,7 +678,9 @@ struct SignatureCtx { byte* digest; #ifndef NO_RSA byte* out; - byte* plain; +#endif +#if !(defined(NO_RSA) && defined(NO_DSA)) + byte* sigCpy; #endif #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) int verify; @@ -669,6 +689,9 @@ struct SignatureCtx { #ifndef NO_RSA struct RsaKey* rsa; #endif + #ifndef NO_DSA + struct DsaKey* dsa; + #endif #ifdef HAVE_ECC struct ecc_key* ecc; #endif @@ -766,6 +789,7 @@ struct DecodedCert { DNS_entry* altNames; /* alt names list of dns entries */ #ifndef IGNORE_NAME_CONSTRAINTS DNS_entry* altEmailNames; /* alt names list of RFC822 entries */ + DNS_entry* altDirNames; /* alt names list of DIR entries */ Base_entry* permittedNames; /* Permitted name bases */ Base_entry* excludedNames; /* Excluded name bases */ #endif /* IGNORE_NAME_CONSTRAINTS */ @@ -888,6 +912,14 @@ struct DecodedCert { int extCertPoliciesNb; #endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */ +#ifdef WOLFSSL_CERT_REQ + /* CSR attributes */ + char* cPwd; /* challengePassword */ + int cPwdLen; + char* sNum; /* Serial Number */ + int sNumLen; +#endif /* WOLFSSL_CERT_REQ */ + Signer* ca; #ifndef NO_CERTS SignatureCtx sigCtx; @@ -939,7 +971,9 @@ struct DecodedCert { #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) byte extCertPolicyCrit : 1; #endif - +#ifdef WOLFSSL_CERT_REQ + byte isCSR : 1; /* Do we intend on parsing a CSR? */ +#endif }; 
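Review bot: In the `struct DecodedCert` hunk (`@@ -888,6 +912,14 @@`), `cPwd`/`cPwdLen` and `sNum`/`sNumLen` are added as `char*` plus `int` length without saying whether the strings are NUL-terminated or whether they point into the input buffer or into separately allocated memory. These values come from a certificate request, so they are requester-controlled; consumers should use the stored length rather than `strlen`, and the challenge password should be kept out of logs. Suggested comment form: `char* cPwd; /* challengePassword, cPwdLen bytes; not guaranteed NUL-terminated */`, adjusted to what the parser actually stores, which is outside this hunk.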
@@ -1036,6 +1070,12 @@ WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz, WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm); WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID); +#ifdef WOLFSSL_CERT_REQ +WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap, + const byte* pubKey, word32 pubKeySz, int pubKeyOID); +#endif /* WOLFSSL_CERT_REQ */ +WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, + int sigAlgoType); WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate); @@ -1108,6 +1148,8 @@ WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check); WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); +WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx, int zeroBits, byte* unusedBits); WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len, @@ -1142,6 +1184,7 @@ WOLFSSL_LOCAL int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz); WOLFSSL_LOCAL int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz); WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); #endif +WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output); WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output); WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); 
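Review bot: `AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, int sigAlgoType)` is now declared for the whole library but takes no capacity for `buf`, and both sizes are signed `int`. Every caller therefore has to size the buffer correctly on its own, and a negative or oversized `sigSz` can only be caught inside the function, whose definition is not in this hunk. The same applies to `SetASNInt(int len, byte firstByte, byte* output)` in the `@@ -1142,6 +1184,7 @@` hunk. I would add a comment at each declaration giving the worst-case number of bytes the caller must reserve and stating that non-positive sizes are rejected, or add an output-size parameter if the signature can still change.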
@@ -1154,7 +1197,9 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, byte* serial, int* serialSz, word32 maxIdx); WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx); -WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); +WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der); +WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, + const byte* pubKey, word32 pubKeySz, enum Key_Sum ks); WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*); @@ -1162,8 +1207,12 @@ WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*); /* ASN sig helpers */ WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s); + WOLFSSL_LOCAL int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, + const byte* r, word32 rLen, const byte* s, word32 sLen); WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s); + WOLFSSL_LOCAL int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, + byte* r, word32* rLen, byte* s, word32* sLen); #endif #if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) WOLFSSL_API int EccEnumToNID(int n); @@ -1200,7 +1249,8 @@ enum cert_enums { NTRU_KEY = 11, ECC_KEY = 12, ED25519_KEY = 13, - ED448_KEY = 14 + ED448_KEY = 14, + DSA_KEY = 15 }; #endif /* WOLFSSL_CERT_GEN */ @@ -1251,6 +1301,9 @@ struct CertStatus { byte serial[EXTERNAL_SERIAL_SIZE]; int serialSz; +#ifdef OPENSSL_EXTRA + WOLFSSL_ASN1_INTEGER* serialInt; +#endif int status; 
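Review bot: In the `@@ -1162,8 +1207,12 @@` hunk, `DecodeECC_DSA_Sig_Bin` takes `word32* rLen` and `word32* sLen` next to caller-owned `byte* r` and `byte* s`, but the declaration does not say that the lengths are buffer capacities on input. If they are (an inference, since the definition is outside the hunk), a caller that leaves them unset gives the decoder no usable bound for its copy. Suggest a comment above the prototype such as `/* rLen/sLen: in = size of r/s buffers, out = bytes written */`, with matching wording for `outLen` on `StoreECC_DSA_Sig_Bin`.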
@@ -1258,7 +1311,7 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) WOLFSSL_ASN1_TIME thisDateParsed; WOLFSSL_ASN1_TIME nextDateParsed; byte* thisDateAsn; @@ -1269,7 +1322,34 @@ struct CertStatus { word32 rawOcspResponseSz; }; +typedef struct OcspEntry OcspEntry; +#ifdef NO_SHA +#define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE +#else +#define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE +#endif + +struct OcspEntry +{ + OcspEntry *next; /* next entry */ + word32 hashAlgoOID; /* hash algo ID */ + byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ + byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ + CertStatus *status; /* OCSP response list */ + int totalStatus; /* number on list */ + byte* rawCertId; /* raw bytes of the CertID */ + int rawCertIdSize; /* num bytes in raw CertID */ + /* option bits - using 32-bit for alignment */ + word32 isDynamic:1; /* was dynamically allocated */ + +}; + +/* TODO: Long-term, it would be helpful if we made this struct and other OCSP + structs conform to the ASN spec as described in RFC 6960. It will help + with readability and with implementing OpenSSL compatibility API + functions, because OpenSSL's OCSP data structures conform to the + RFC. */ struct OcspResponse { int responseStatus; /* return code from Responder */ @@ -1279,8 +1359,6 @@ struct OcspResponse { byte producedDate[MAX_DATE_SIZE]; /* Date at which this response was signed */ byte producedDateFormat; /* format of the producedDate */ - byte* issuerHash; - byte* issuerKeyHash; byte* cert; word32 certSz; 
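Review bot: In the `@@ -1269,7 +1322,34 @@` hunk, `struct OcspEntry` now records `hashAlgoOID`, yet `issuerHash` and `issuerKeyHash` stay fixed at `OCSP_DIGEST_SIZE`, which is the SHA-1 size unless `NO_SHA` is defined. If the decoder accepts a CertID hashed with a longer digest, the copy into these arrays needs an explicit length check; the decoder is not in this hunk, so this is a question rather than a finding. A comment on the fields, e.g. `/* at most OCSP_DIGEST_SIZE bytes; decoder must reject longer CertID hashes */`, would make the bound reviewable. `rawCertId` would also benefit from a note on who frees it and whether `isDynamic` covers it.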
@@ -1289,7 +1367,7 @@ struct OcspResponse { word32 sigSz; /* Length in octets for the sig */ word32 sigOID; /* OID for hash used for sig */ - CertStatus* status; /* certificate status to fill out */ + OcspEntry* single; /* chain of OCSP single responses */ byte* nonce; /* pointer to nonce inside ASN.1 response */ int nonceSz; /* length of the nonce string */ @@ -1300,6 +1378,7 @@ struct OcspResponse { #ifdef OPENSSL_EXTRA int verifyError; #endif + void* heap; }; @@ -1320,25 +1399,9 @@ struct OcspRequest { void* ssl; }; -typedef struct OcspEntry OcspEntry; - -#ifdef NO_SHA -#define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE -#else -#define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE -#endif - -struct OcspEntry -{ - OcspEntry *next; /* next entry */ - byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ - byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ - CertStatus *status; /* OCSP response list */ - int totalStatus; /* number on list */ -}; - -WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32); -WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int); +WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, OcspEntry*, CertStatus*, byte*, word32, void*); +WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse*); +WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int); WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*); WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*); @@ -1416,12 +1479,13 @@ WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*); #endif enum PBESTypes { - PBE_MD5_DES = 0, - PBE_SHA1_RC4_128 = 1, - PBE_SHA1_DES = 2, - PBE_SHA1_DES3 = 3, - PBE_AES256_CBC = 4, - PBE_AES128_CBC = 5, + PBE_MD5_DES = 0, + PBE_SHA1_RC4_128 = 1, + PBE_SHA1_DES = 2, + PBE_SHA1_DES3 = 3, + PBE_AES256_CBC = 4, + PBE_AES128_CBC = 5, + PBE_SHA1_40RC2_CBC = 6, PBE_SHA1_RC4_128_SUM = 657, PBE_SHA1_DES3_SUM = 659, 
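Review bot: `PBE_SHA1_40RC2_CBC = 6` in the `@@ -1416,12 +1479,13 @@` hunk adds 40-bit RC2 to `enum PBESTypes` with no comment and no build guard, while the RC2 rotate helpers added to `misc.h` in this same commit sit under `#ifdef WC_RC2`. A 40-bit key provides no meaningful confidentiality, so the entry should say why it exists (presumably to read legacy PKCS#12 containers) and should not be offered for new encryption. Suggest `PBE_SHA1_40RC2_CBC = 6, /* legacy 40-bit RC2, for reading old containers only; needs WC_RC2 */`, or wrapping the enumerator in the same `#ifdef WC_RC2`.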
diff --git a/source/libs/libwolfssl/wolfcrypt/asn_public.h b/source/libs/libwolfssl/wolfcrypt/asn_public.h index c1ae0102..8b8bd414 100644 --- a/source/libs/libwolfssl/wolfcrypt/asn_public.h +++ b/source/libs/libwolfssl/wolfcrypt/asn_public.h @@ -126,6 +126,7 @@ enum CertType { /* Signature type, by OID sum */ enum Ctc_SigType { CTC_SHAwDSA = 517, + CTC_SHA256wDSA = 416, CTC_MD2wRSA = 646, CTC_MD5wRSA = 648, CTC_SHAwRSA = 649, diff --git a/source/libs/libwolfssl/wolfcrypt/chacha.h b/source/libs/libwolfssl/wolfcrypt/chacha.h index 9d7ccf92..49dc1e6d 100644 --- a/source/libs/libwolfssl/wolfcrypt/chacha.h +++ b/source/libs/libwolfssl/wolfcrypt/chacha.h @@ -55,6 +55,9 @@ Block counter is located at index 12. /* Size of IV in bytes*/ #define CHACHA_IV_BYTES 12 +#ifdef HAVE_XCHACHA +#define XCHACHA_NONCE_BYTES 24 +#endif /* Size of ChaCha chunks */ #define CHACHA_CHUNK_WORDS 16 @@ -92,8 +95,17 @@ WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter); WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain, word32 msglen); + +WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx); + WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz); +#ifdef HAVE_XCHACHA +WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz, + const byte *nonce, word32 nonceSz, + word32 counter); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h b/source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h index 739f39f1..be1a0aad 100644 --- a/source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h +++ b/source/libs/libwolfssl/wolfcrypt/chacha20_poly1305.h 
@@ -48,6 +48,7 @@ or Authenticated Encryption with Additional Data (AEAD) algorithm. #define CHACHA20_POLY1305_AEAD_IV_SIZE 12 #define CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE 16 #define CHACHA20_POLY1305_MAX 4294967295U +#define XCHACHA20_POLY1305_AEAD_NONCE_SIZE 24 enum { CHACHA20_POLY_1305_ENC_TYPE = 8, /* cipher unique type */ @@ -123,6 +124,30 @@ WOLFSSL_API int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead, WOLFSSL_API int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); +#ifdef HAVE_XCHACHA + +WOLFSSL_API int wc_XChaCha20Poly1305_Init( + ChaChaPoly_Aead* aead, + const byte *ad, word32 ad_len, + const byte *inKey, word32 inKeySz, + const byte *inIV, word32 inIVSz, + int isEncrypt); + +WOLFSSL_API int wc_XChaCha20Poly1305_Encrypt( + byte *dst, const size_t dst_space, + const byte *src, const size_t src_len, + const byte *ad, const size_t ad_len, + const byte *nonce, const size_t nonce_len, + const byte *key, const size_t key_len); + +WOLFSSL_API int wc_XChaCha20Poly1305_Decrypt( + byte *dst, const size_t dst_space, + const byte *src, const size_t src_len, + const byte *ad, const size_t ad_len, + const byte *nonce, const size_t nonce_len, + const byte *key, const size_t key_len); + +#endif /* HAVE_XCHACHA */ #ifdef __cplusplus } /* extern "C" */ diff --git a/source/libs/libwolfssl/wolfcrypt/compress.h b/source/libs/libwolfssl/wolfcrypt/compress.h index 4bfb7615..8a3760f1 100644 --- a/source/libs/libwolfssl/wolfcrypt/compress.h +++ b/source/libs/libwolfssl/wolfcrypt/compress.h @@ -47,6 +47,8 @@ WOLFSSL_API int wc_Compress_ex(byte* out, word32 outSz, const byte* in, WOLFSSL_API int wc_DeCompress(byte*, word32, const byte*, word32); WOLFSSL_API int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in, word32 inSz, int windowBits); +WOLFSSL_API int wc_DeCompressDynamic(byte** out, int max, int memoryType, + const byte* in, word32 inSz, int windowBits, void* heap); #ifdef __cplusplus } /* extern "C" */ 
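Review bot: The one-shot `wc_XChaCha20Poly1305_Encrypt` and `wc_XChaCha20Poly1305_Decrypt` prototypes in the `@@ -123,6 +124,30 @@` hunk do not say whether `dst_space` must include the 16-byte tag (`CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE`) or where the tag sits in `src` on decrypt. They also take `size_t` lengths while the rest of the header uses `word32` and defines `CHACHA20_POLY1305_MAX`, so the accepted length range should be stated. Suggest a comment block above the pair covering the buffer layout, the required `nonce_len` (`XCHACHA20_POLY1305_AEAD_NONCE_SIZE`), and that `dst` must not be used when decrypt returns an error. Note also that `XCHACHA20_POLY1305_AEAD_NONCE_SIZE` is defined unconditionally in the first hunk while `XCHACHA_NONCE_BYTES` in `chacha.h` is under `#ifdef HAVE_XCHACHA`.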
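Review bot: `wc_DeCompressDynamic` in the `compress.h` hunk `@@ -47,6 +47,8 @@` returns an allocated buffer through `byte** out`, but the prototype does not document what `max` limits or who frees `*out` and with which `memoryType`. For a decompressor fed data from a peer or a file, the output cap is what keeps a small input from expanding without bound, so callers need to know whether `max` is a byte count or a growth factor and whether a non-positive value means unlimited (none of this is visible here). Suggest a comment above the declaration stating the meaning of `max`, the return value, and that the caller releases `*out` (presumably with `XFREE` and the same `heap` and `memoryType`).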
diff --git a/source/libs/libwolfssl/wolfcrypt/cpuid.h b/source/libs/libwolfssl/wolfcrypt/cpuid.h index feade120..557c4207 100644 --- a/source/libs/libwolfssl/wolfcrypt/cpuid.h +++ b/source/libs/libwolfssl/wolfcrypt/cpuid.h @@ -34,6 +34,7 @@ #if defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \ defined(WOLFSSL_AESNI) + #define CPUID_AVX1 0x0001 #define CPUID_AVX2 0x0002 #define CPUID_RDRAND 0x0004 @@ -59,6 +60,7 @@ WOLFSSL_API void cpuid_select_flags(word32 flags); WOLFSSL_API void cpuid_set_flag(word32 flag); WOLFSSL_API void cpuid_clear_flag(word32 flag); + #endif #ifdef __cplusplus diff --git a/source/libs/libwolfssl/wolfcrypt/cryptocb.h b/source/libs/libwolfssl/wolfcrypt/cryptocb.h index 9d8c5480..18ca880b 100644 --- a/source/libs/libwolfssl/wolfcrypt/cryptocb.h +++ b/source/libs/libwolfssl/wolfcrypt/cryptocb.h @@ -85,6 +85,11 @@ typedef struct wc_CryptoInfo { WC_RNG* rng; } rsakg; #endif + struct { + RsaKey* key; + const byte* pubKey; + word32 pubKeySz; + } rsa_check; #endif #ifdef HAVE_ECC struct { @@ -115,6 +120,11 @@ typedef struct wc_CryptoInfo { int* res; ecc_key* key; } eccverify; + struct { + ecc_key* key; + const byte* pubKey; + word32 pubKeySz; + } ecc_check; #endif }; } pk; @@ -212,7 +222,7 @@ typedef struct wc_CryptoInfo { typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx); WOLFSSL_LOCAL void wc_CryptoCb_Init(void); - +WOLFSSL_LOCAL int wc_CryptoCb_GetDevIdAtIndex(int startIdx); WOLFSSL_API int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx); WOLFSSL_API void wc_CryptoCb_UnRegisterDevice(int devId); @@ -229,6 +239,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out, WOLFSSL_LOCAL int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); #endif /* WOLFSSL_KEY_GEN */ + +WOLFSSL_LOCAL int wc_CryptoCb_RsaCheckPrivKey(RsaKey* key, const byte* pubKey, + word32 pubKeySz); #endif /* !NO_RSA */ #ifdef HAVE_ECC 
@@ -243,6 +256,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_EccSign(const byte* in, word32 inlen, byte* out, WOLFSSL_LOCAL int wc_CryptoCb_EccVerify(const byte* sig, word32 siglen, const byte* hash, word32 hashlen, int* res, ecc_key* key); + +WOLFSSL_LOCAL int wc_CryptoCb_EccCheckPrivKey(ecc_key* key, const byte* pubKey, + word32 pubKeySz); #endif /* HAVE_ECC */ #ifndef NO_AES diff --git a/source/libs/libwolfssl/wolfcrypt/dh.h b/source/libs/libwolfssl/wolfcrypt/dh.h index 51921841..7229e55a 100644 --- a/source/libs/libwolfssl/wolfcrypt/dh.h +++ b/source/libs/libwolfssl/wolfcrypt/dh.h @@ -121,8 +121,8 @@ WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, const byte* pub, word32 pubSz); WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, byte* pub, word32* pPubSz); -#endif /* WOLFSSL_DH_EXTRA */ - +WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst); +#endif WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz, int trusted, WC_RNG* rng); diff --git a/source/libs/libwolfssl/wolfcrypt/ecc.h b/source/libs/libwolfssl/wolfcrypt/ecc.h index 9ce50309..efd7233a 100644 --- a/source/libs/libwolfssl/wolfcrypt/ecc.h +++ b/source/libs/libwolfssl/wolfcrypt/ecc.h @@ -58,6 +58,10 @@ #include #endif +#ifdef WOLFSSL_SILABS_SE_ACCEL + #include +#endif + #ifdef WOLFSSL_HAVE_SP_ECC #include #endif @@ -125,7 +129,7 @@ enum { ECC_MAXNAME = 16, /* MAX CURVE NAME LENGTH */ SIG_HEADER_SZ = 7, /* ECC signature header size (30 81 87 02 42 [R] 02 42 [S]) */ ECC_BUFSIZE = 256, /* for exported keys temp buffer */ - ECC_MINSIZE = 20, /* MIN Private Key size */ + ECC_MINSIZE = ECC_MIN_KEY_SZ/8, /* MIN Private Key size */ ECC_MAXSIZE = 66, /* MAX Private Key size */ ECC_MAXSIZE_GEN = 74, /* MAX Buffer size required when generating ECC keys*/ ECC_MAX_OID_LEN = 16, 
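Review bot: In the `ecc.h` hunk `@@ -125,7 +129,7 @@`, `ECC_MINSIZE = ECC_MIN_KEY_SZ/8` rounds down, so a bit minimum that is not a multiple of 8 yields a byte minimum that is one byte short (521 bits becomes 65 bytes). If the value is used as a lower bound on private key length, rounding up keeps the configured policy: `ECC_MINSIZE = (ECC_MIN_KEY_SZ + 7) / 8, /* MIN Private Key size */`. The enum now also depends on `ECC_MIN_KEY_SZ` being defined before this header is parsed, which the hunk does not show.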
@@ -137,6 +141,8 @@ enum { ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), #elif defined(PLUTON_CRYPTO_ECC) ECC_MAX_CRYPTO_HW_SIZE = 32, +#elif defined(WOLFSSL_SILABS_SE_ACCEL) + ECC_MAX_CRYPTO_HW_SIZE = 32, #elif defined(WOLFSSL_CRYPTOCELL) #ifndef CRYPTOCELL_KEY_SIZE CRYPTOCELL_KEY_SIZE = ECC_MAXSIZE, @@ -152,8 +158,9 @@ enum { /* Shamir's dual add constants */ SHAMIR_PRECOMP_SZ = 16, -#ifdef HAVE_PKCS11 +#ifdef WOLF_CRYPTO_CB ECC_MAX_ID_LEN = 32, + ECC_MAX_LABEL_LEN = 32, #endif }; @@ -315,7 +322,8 @@ typedef struct ecc_set_type { #endif /* determine buffer size */ -#define FP_SIZE_ECC (FP_MAX_BITS_ECC/DIGIT_BIT) +/* Add one to accommodate extra digit used by sp_mul(), sp_mulmod(), sp_sqr(), and sp_sqrmod(). */ +#define FP_SIZE_ECC ((FP_MAX_BITS_ECC/DIGIT_BIT) + 1) /* This needs to match the size of the fp_int struct, except the @@ -395,6 +403,16 @@ struct ecc_key { #if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_CB) int devId; #endif +#ifdef WOLFSSL_SILABS_SE_ACCEL + sl_se_command_context_t cmd_ctx; + sl_se_key_descriptor_t key; + /* Used for SiLabs "plaintext" with public X, public Y, and + * private D concatenated. These are respectively at offset `0`, + * offset `keysize`, and offset `2 * keysize`. + */ + byte key_raw[3 * ECC_MAX_CRYPTO_HW_SIZE]; +#endif + #ifdef WOLFSSL_ASYNC_CRYPT mp_int* r; /* sign/verify temps */ mp_int* s; @@ -407,9 +425,11 @@ struct ecc_key { CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */ #endif #endif /* WOLFSSL_ASYNC_CRYPT */ -#ifdef HAVE_PKCS11 +#ifdef WOLF_CRYPTO_CB byte id[ECC_MAX_ID_LEN]; int idLen; + char label[ECC_MAX_LABEL_LEN]; + int labelLen; #endif #if defined(WOLFSSL_CRYPTOCELL) ecc_context_t ctx; 
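Review bot: `key_raw` in `struct ecc_key` (hunk `@@ -395,6 +403,16 @@`) holds the private scalar D in plaintext after the public coordinates, as the added comment says, but nothing states when it is cleared. The free path for `ecc_key` is outside this hunk; under `WOLFSSL_SILABS_SE_ACCEL` it should wipe the buffer with `ForceZero(key->key_raw, sizeof(key->key_raw));`, and any by-value copy of the struct duplicates the secret. Once that holds I would extend the comment with `Contains private key material; zeroized when the key is freed.`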
@@ -474,6 +494,9 @@ ECC_API int ecc_projective_dbl_point(ecc_point* P, ecc_point* R, mp_int* a, WOLFSSL_LOCAL int ecc_projective_add_point_safe(ecc_point* A, ecc_point* B, ecc_point* R, mp_int* a, mp_int* modulus, mp_digit mp, int* infinity); +WOLFSSL_LOCAL +int ecc_projective_dbl_point_safe(ecc_point* P, ecc_point* R, mp_int* a, + mp_int* modulus, mp_digit mp); #endif @@ -541,10 +564,12 @@ WOLFSSL_API int wc_ecc_init(ecc_key* key); WOLFSSL_ABI WOLFSSL_API int wc_ecc_init_ex(ecc_key* key, void* heap, int devId); -#ifdef HAVE_PKCS11 +#ifdef WOLF_CRYPTO_CB WOLFSSL_API int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, void* heap, int devId); +WOLFSSL_API +int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId); #endif #ifdef WOLFSSL_CUSTOM_CURVES WOLFSSL_LOCAL diff --git a/source/libs/libwolfssl/wolfcrypt/fe_448.h b/source/libs/libwolfssl/wolfcrypt/fe_448.h index 0d85de45..0f8fd5d1 100644 --- a/source/libs/libwolfssl/wolfcrypt/fe_448.h +++ b/source/libs/libwolfssl/wolfcrypt/fe_448.h @@ -46,12 +46,15 @@ #if defined(CURVED448_128BIT) typedef int64_t fe448; - #ifdef __SIZEOF_INT128__ - typedef __uint128_t uint128_t; - typedef __int128_t int128_t; - #else - typedef unsigned long uint128_t __attribute__ ((mode(TI))); - typedef long int128_t __attribute__ ((mode(TI))); + #ifndef WOLFSSL_UINT128_T_DEFINED + #ifdef __SIZEOF_INT128__ + typedef __uint128_t uint128_t; + typedef __int128_t int128_t; + #else + typedef unsigned long uint128_t __attribute__ ((mode(TI))); + typedef long int128_t __attribute__ ((mode(TI))); + #endif + #define WOLFSSL_UINT128_T_DEFINED #endif #else typedef int32_t fe448; diff --git a/source/libs/libwolfssl/wolfcrypt/hmac.h b/source/libs/libwolfssl/wolfcrypt/hmac.h index 2b534838..aba80632 100644 --- a/source/libs/libwolfssl/wolfcrypt/hmac.h +++ b/source/libs/libwolfssl/wolfcrypt/hmac.h 
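Review bot: `wc_ecc_init_label(ecc_key* key, const char* label, void* heap, int devId)` in the `@@ -541,10 +564,12 @@` hunk takes a C string with no length, while the destination added to `struct ecc_key` is `char label[ECC_MAX_LABEL_LEN]` with a separate `labelLen`. The declaration should say what happens to a label of 32 bytes or more and whether the stored copy is NUL-terminated; the definition is not in this hunk. Suggest a comment above the prototype such as `/* label: NUL-terminated, 1..ECC_MAX_LABEL_LEN bytes; longer labels are rejected */`, worded to match what the implementation enforces.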
@@ -94,7 +94,8 @@ enum { WC_SHA3_512 = WC_HASH_TYPE_SHA3_512, #endif #ifdef HAVE_PKCS11 - HMAC_MAX_ID_LEN = 32, + HMAC_MAX_ID_LEN = 32, + HMAC_MAX_LABEL_LEN = 32, #endif }; @@ -153,6 +154,8 @@ struct Hmac { #ifdef HAVE_PKCS11 byte id[HMAC_MAX_ID_LEN]; int idLen; + char label[HMAC_MAX_LABEL_LEN]; + int labelLen; #endif #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) word16 keyLen; /* hmac key length (key in ipad) */ @@ -174,8 +177,12 @@ WOLFSSL_API int wc_HmacFinal(Hmac*, byte*); WOLFSSL_API int wc_HmacSizeByType(int type); WOLFSSL_API int wc_HmacInit(Hmac* hmac, void* heap, int devId); +#ifdef HAVE_PKCS11 WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap, int devId); +WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap, + int devId); +#endif WOLFSSL_API void wc_HmacFree(Hmac*); WOLFSSL_API int wolfSSL_GetHmacMaxSize(void); diff --git a/source/libs/libwolfssl/wolfcrypt/integer.h b/source/libs/libwolfssl/wolfcrypt/integer.h index dbe2dc93..8495a8b4 100644 --- a/source/libs/libwolfssl/wolfcrypt/integer.h +++ b/source/libs/libwolfssl/wolfcrypt/integer.h @@ -33,7 +33,7 @@ may not be faster on all */ #include /* will set MP_xxBIT if not default */ -#ifdef WOLFSSL_SP_MATH +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) #include #elif defined(USE_FAST_MATH) #include @@ -161,7 +161,7 @@ extern "C" { #define MP_OKAY 0 /* ok result */ #define MP_MEM -2 /* out of mem */ #define MP_VAL -3 /* invalid input */ -#define MP_NOT_INF -4 /* point not at infinity */ +#define MP_NOT_INF -4 /* point not at infinity */ #define MP_RANGE MP_NOT_INF #define MP_YES 1 /* yes response */ diff --git a/source/libs/libwolfssl/wolfcrypt/logging.h b/source/libs/libwolfssl/wolfcrypt/logging.h index c9be0e4d..093fa521 100644 --- a/source/libs/libwolfssl/wolfcrypt/logging.h +++ b/source/libs/libwolfssl/wolfcrypt/logging.h 
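Review bot: In the `hmac.h` hunk `@@ -174,8 +177,12 @@`, `wc_HmacInit_Id` was declared unconditionally and is now inside `#ifdef HAVE_PKCS11`, so a build without PKCS#11 that calls it no longer sees a prototype. In the same commit `ecc.h` moves its id and label fields and `wc_ecc_init_id` from `HAVE_PKCS11` to `WOLF_CRYPTO_CB`, so the two headers gate the same feature differently. If the crypto-callback path is meant to use HMAC ids and labels too, the guard here and on `HMAC_MAX_ID_LEN`, `id` and `label` should read `#if defined(HAVE_PKCS11) || defined(WOLF_CRYPTO_CB)`; otherwise a comment explaining the difference would help.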
@@ -100,6 +100,10 @@ WOLFSSL_API int wolfSSL_Debugging_ON(void); /* turn logging off */ WOLFSSL_API void wolfSSL_Debugging_OFF(void); +#ifdef HAVE_WC_INTROSPECTION + WOLFSSL_API const char *wolfSSL_configure_args(void); + WOLFSSL_API const char *wolfSSL_global_cflags(void); +#endif #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) WOLFSSL_LOCAL int wc_LoggingInit(void); @@ -187,6 +191,14 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); #define WOLFSSL_ERROR_MSG(m) #endif +#ifdef HAVE_STACK_SIZE_VERBOSE + extern WOLFSSL_API THREAD_LS_T unsigned char *StackSizeCheck_myStack; + extern WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSize; + extern WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSizeHWM; + extern WOLFSSL_API THREAD_LS_T size_t *StackSizeCheck_stackSizeHWM_ptr; + extern WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer; +#endif + #ifdef __cplusplus } #endif diff --git a/source/libs/libwolfssl/wolfcrypt/mem_track.h b/source/libs/libwolfssl/wolfcrypt/mem_track.h index d33e90e6..1d5ade9d 100644 --- a/source/libs/libwolfssl/wolfcrypt/mem_track.h +++ b/source/libs/libwolfssl/wolfcrypt/mem_track.h @@ -76,6 +76,15 @@ long totalBytes; /* total number of bytes allocated */ long peakBytes; /* concurrent max bytes */ long currentBytes; /* total current bytes in use */ +#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + long peakAllocsTripOdometer; /* peak number of concurrent allocations, + * subject to reset by + * wolfCrypt_heap_peak_checkpoint() + */ + long peakBytesTripOdometer; /* peak concurrent bytes, subject to reset + * by wolfCrypt_heap_peak_checkpoint() + */ +#endif } memoryStats; typedef struct memHint { 
@@ -170,8 +179,17 @@ ourMemStats.totalAllocs++; ourMemStats.totalBytes += sz; ourMemStats.currentBytes += sz; - if (ourMemStats.currentBytes > ourMemStats.peakBytes) - ourMemStats.peakBytes = ourMemStats.currentBytes; + #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + if (ourMemStats.peakAllocsTripOdometer < ourMemStats.totalAllocs - ourMemStats.totalDeallocs) + ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - ourMemStats.totalDeallocs; + if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes) { + ourMemStats.peakBytesTripOdometer = ourMemStats.currentBytes; + #endif + if (ourMemStats.currentBytes > ourMemStats.peakBytes) + ourMemStats.peakBytes = ourMemStats.currentBytes; + #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + } + #endif #endif #ifdef DO_MEM_LIST if (pthread_mutex_lock(&memLock) == 0) { @@ -338,8 +356,12 @@ ourMemStats.totalBytes = 0; ourMemStats.peakBytes = 0; ourMemStats.currentBytes = 0; +#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + ourMemStats.peakAllocsTripOdometer = 0; + ourMemStats.peakBytesTripOdometer = 0; +#endif #endif - + #ifdef DO_MEM_LIST XMEMSET(&ourMemList, 0, sizeof(ourMemList)); diff --git a/source/libs/libwolfssl/wolfcrypt/misc.h b/source/libs/libwolfssl/wolfcrypt/misc.h index c7e6d954..632a2abe 100644 --- a/source/libs/libwolfssl/wolfcrypt/misc.h +++ b/source/libs/libwolfssl/wolfcrypt/misc.h @@ -43,11 +43,23 @@ word32 rotlFixed(word32, word32); WOLFSSL_LOCAL word32 rotrFixed(word32, word32); +#ifdef WC_RC2 +WOLFSSL_LOCAL +word16 rotlFixed16(word16, word16); +WOLFSSL_LOCAL +word16 rotrFixed16(word16, word16); +#endif + WOLFSSL_LOCAL word32 ByteReverseWord32(word32); WOLFSSL_LOCAL void ByteReverseWords(word32*, const word32*, word32); +WOLFSSL_LOCAL +void XorWordsOut(wolfssl_word* r, const wolfssl_word* a, const wolfssl_word* b, + word32 n); +WOLFSSL_LOCAL +void xorbufout(void*, const void*, const void*, word32); WOLFSSL_LOCAL void XorWords(wolfssl_word*, const wolfssl_word*, word32); WOLFSSL_LOCAL 
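Review bot: In the `mem_track.h` hunk `@@ -170,8 +179,17 @@`, the opening brace of `if (ourMemStats.peakBytesTripOdometer < ourMemStats.currentBytes) {` sits in one `#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE` region and its closing brace in another, with the unconditional `peakBytes` update nested between them. In verbose builds the `peakBytes` update therefore depends on the odometer test, which matches the non-verbose build only while the odometer never exceeds `peakBytes`. It reads more safely to end the odometer `if` as a single statement, place `#endif` directly after it, and leave `if (ourMemStats.currentBytes > ourMemStats.peakBytes)` outside any conditional. The enclosing function starts and ends outside the hunk.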
@@ -103,7 +115,9 @@ WOLFSSL_LOCAL byte ctMaskLT(int a, int b); WOLFSSL_LOCAL byte ctMaskLTE(int a, int b); WOLFSSL_LOCAL byte ctMaskEq(int a, int b); WOLFSSL_LOCAL word16 ctMask16GT(int a, int b); +WOLFSSL_LOCAL word16 ctMask16GTE(int a, int b); WOLFSSL_LOCAL word16 ctMask16LT(int a, int b); +WOLFSSL_LOCAL word16 ctMask16LTE(int a, int b); WOLFSSL_LOCAL word16 ctMask16Eq(int a, int b); WOLFSSL_LOCAL byte ctMaskNotEq(int a, int b); WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); diff --git a/source/libs/libwolfssl/wolfcrypt/pkcs12.h b/source/libs/libwolfssl/wolfcrypt/pkcs12.h index fe867796..36aadfd4 100644 --- a/source/libs/libwolfssl/wolfcrypt/pkcs12.h +++ b/source/libs/libwolfssl/wolfcrypt/pkcs12.h @@ -53,6 +53,8 @@ WOLFSSL_API int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz); WOLFSSL_API int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, byte** pkey, word32* pkeySz, byte** cert, word32* certSz, WC_DerCertList** ca); +WOLFSSL_LOCAL int wc_PKCS12_verify_ex(WC_PKCS12* pkcs12, + const byte* psw, word32 pswSz); WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name, byte* key, word32 keySz, byte* cert, word32 certSz, WC_DerCertList* ca, int nidKey, int nidCert, int iter, int macIter, diff --git a/source/libs/libwolfssl/wolfcrypt/pkcs7.h b/source/libs/libwolfssl/wolfcrypt/pkcs7.h index 59bcb3ae..a2698e29 100644 --- a/source/libs/libwolfssl/wolfcrypt/pkcs7.h +++ b/source/libs/libwolfssl/wolfcrypt/pkcs7.h @@ -48,8 +48,12 @@ /* Max number of certificates that PKCS7 structure can parse */ #ifndef MAX_PKCS7_CERTS +#ifdef OPENSSL_ALL + #define MAX_PKCS7_CERTS 15 +#else #define MAX_PKCS7_CERTS 4 #endif +#endif #ifndef MAX_ORI_TYPE_SZ #define MAX_ORI_TYPE_SZ MAX_OID_SZ 
@@ -154,8 +158,8 @@ enum Pkcs7_Misc { MAX_SEQ_SZ + ASN_NAME_MAX + MAX_SN_SZ + MAX_SEQ_SZ + MAX_ALGO_SZ + 1 + MAX_ENCRYPTED_KEY_SZ, #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION >= 2)) || (defined(HAVE_SELFTEST) && \ - (!defined(HAVE_SELFTEST_VERSION) || HAVE_SELFTEST_VERSION < 2)) + (HAVE_FIPS_VERSION <= 2)) || (defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))) /* In the event of fips cert 3389 or CAVP selftest v1 build, these enums are * not in aes.h for use with pkcs7 so enumerate it here outside the fips * boundary */ diff --git a/source/libs/libwolfssl/wolfcrypt/poly1305.h b/source/libs/libwolfssl/wolfcrypt/poly1305.h index 88c1fbd7..9683eb7b 100644 --- a/source/libs/libwolfssl/wolfcrypt/poly1305.h +++ b/source/libs/libwolfssl/wolfcrypt/poly1305.h @@ -116,6 +116,9 @@ WOLFSSL_API int wc_Poly1305Final(Poly1305* poly1305, byte* tag); /* AEAD Functions */ WOLFSSL_API int wc_Poly1305_Pad(Poly1305* ctx, word32 lenToPad); WOLFSSL_API int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 dataSz); +#ifdef WORD64_AVAILABLE +WOLFSSL_API int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz, word64 dataSz); +#endif WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz, byte* input, word32 sz, byte* tag, word32 tagSz); diff --git a/source/libs/libwolfssl/wolfcrypt/port/atmel/atmel.h b/source/libs/libwolfssl/wolfcrypt/port/atmel/atmel.h index 6122f8f5..be1310dc 100644 --- a/source/libs/libwolfssl/wolfcrypt/port/atmel/atmel.h +++ b/source/libs/libwolfssl/wolfcrypt/port/atmel/atmel.h @@ -29,10 +29,8 @@ #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ defined(WOLFSSL_ATECC_PKCB) - #undef SHA_BLOCK_SIZE - #define SHA_BLOCK_SIZE SHA_BLOCK_SIZE_REMAP - #include #undef SHA_BLOCK_SIZE + #include #endif /* ATECC508A/608A only supports ECC P-256 */ 
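Review bot: In the `pkcs7.h` hunk `@@ -154,8 +158,8 @@`, the first clause changes from `HAVE_FIPS_VERSION >= 2` to `HAVE_FIPS_VERSION <= 2`, which now also matches FIPS version 1 builds and stops matching versions above 2, while the comment below still names only "fips cert 3389 or CAVP selftest v1". If only that one validated module is meant, `(HAVE_FIPS_VERSION == 2)` states it directly; if version 1 is intended as well, the comment should list it. The enum values guarded by this condition are outside the hunk, so I cannot tell whether a version 1 build would then see duplicate definitions.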
diff --git a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h
new file mode 100644
index 00000000..1d16634c
--- /dev/null
+++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_aes.h
@@ -0,0 +1,67 @@ +/* silabs_aes.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _SILABS_AES_H_ +#define _SILABS_AES_H_ + +#include + +#if defined(WOLFSSL_SILABS_SE_ACCEL) + +#include + +#include +#include + +typedef struct { + sl_se_command_context_t cmd_ctx; + sl_se_key_descriptor_t key; +} silabs_aes_t; + +typedef struct Aes Aes; + +#ifdef HAVE_AESGCM +int wc_AesGcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +int wc_AesGcmDecrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + +#endif /* HAVE_AESGCM */ + +#ifdef HAVE_AESCCM +int wc_AesCcmEncrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +int wc_AesCcmDecrypt_silabs (Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + +#endif /* HAVE_AESCCM */ + +#endif /* 
defined(WOLFSSL_SILABS_SE_ACCEL) */ + +#endif /* _SILABS_AES_H_ */ diff --git a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h new file mode 100644 index 00000000..0a8fd88a --- /dev/null +++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_ecc.h 
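Review bot: The new `silabs_aes.h` declares `wc_AesGcmEncrypt_silabs` and its three siblings without a visibility macro and without the `#ifdef __cplusplus` / `extern "C"` wrapper that the other wolfCrypt headers touched by this commit carry. The include guard `_SILABS_AES_H_` also begins with an underscore followed by a capital letter, which is reserved for the implementation. Suggest `WOLFSSL_LOCAL` on the four prototypes if they are only called from the AES port (not visible here) and a guard such as `WOLFSSL_SILABS_AES_H`. A short comment on the decrypt functions stating that `out` must be discarded when tag verification fails would also help callers.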
@@ -0,0 +1,63 @@
+/* silabs_ecc.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef _SILABS_ECC_H_
+#define _SILABS_ECC_H_
+
+
+#if defined(WOLFSSL_SILABS_SE_ACCEL)
+
+#include
+
+#include
+#include
+#include
+#include
+
+typedef enum ecc_curve_id ecc_curve_id;
+typedef struct ecc_key ecc_key;
+
+int silabs_ecc_sign_hash (const byte* in, word32 inlen,
+ byte* out, word32 *outlen,
+ ecc_key* key);
+int silabs_ecc_verify_hash (const byte* sig, word32 siglen,
+ const byte* hash, word32 hashlen,
+ int* stat, ecc_key* key);
+
+
+
+int silabs_ecc_make_key(ecc_key* key, int keysize);
+
+int silabs_ecc_import(ecc_key* key, word32 keysize);
+
+int silabs_ecc_import_private(ecc_key* key, word32 keysize);
+
+int silabs_ecc_sig_to_rs(ecc_key* key, word32 keySz);
+
+int silabs_ecc_import_private_raw(ecc_key* key, word32 keySz, const char* d, int encType);
+
+int silabs_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key,
+ byte* out, word32* outlen);
+
+#endif /* WOLFSSL_SILABS_SE_ACCEL */
+
+#endif /* _SILABS_ECC_H_ */
diff --git a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h
new file mode 100644
index 00000000..ebb69b73
--- /dev/null
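Review bot: `silabs_ecc_verify_hash` in silabs_ecc.h returns its verdict through `int* stat` as well as through the return code, and the header does not say which of the two a caller must test. If it follows the convention of `wc_ecc_verify_hash` (to be confirmed against the implementation, which is outside this hunk), a comment such as `/* returns 0 when the operation ran; *stat is 1 only for a valid signature, so check both */` belongs above the declaration, because a caller that checks only the return code would accept a bad signature. Separately, `silabs_ecc_make_key` takes `int keysize` while `silabs_ecc_import` and `silabs_ecc_import_private` take `word32 keysize`; using `word32` throughout removes a signed/unsigned conversion at the call sites.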
+++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_hash.h 
@@ -0,0 +1,66 @@
+/* silabs_hash.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _SILABS_HASH_H_
+#define _SILABS_HASH_H_
+
+#include
+
+#if defined(WOLFSSL_SILABS_SE_ACCEL)
+
+#include
+
+#include
+#include
+
+#if defined(SL_SE_HASH_SHA384) && !defined(NO_SHA384)
+#define WOLFSSL_SILABS_SHA384
+#endif
+
+#if defined(SL_SE_HASH_SHA512) && !defined(NO_SHA384)
+#define WOLFSSL_SILABS_SHA512
+#endif
+
+typedef struct {
+ sl_se_hash_streaming_context_t hash_ctx;
+ sl_se_command_context_t cmd_ctx;
+ union hash_type_ctx_u {
+ sl_se_sha1_streaming_context_t sha1_ctx;
+ sl_se_sha224_streaming_context_t sha224_ctx;
+ sl_se_sha256_streaming_context_t sha256_ctx;
+#ifdef WOLFSSL_SILABS_SHA384
+ sl_se_sha384_streaming_context_t sha384_ctx;
+#endif
+#ifdef WOLFSSL_SILABS_SHA512
+ sl_se_sha512_streaming_context_t sha512_ctx;
+#endif
+ } hash_type_ctx;
+} wc_silabs_sha_t;
+
+int wc_silabs_se_hash_init (wc_silabs_sha_t* sha, enum wc_HashType type);
+int wc_silabs_se_hash_update (wc_silabs_sha_t* sha, const byte* data, word32 len);
+int wc_silabs_se_hash_final (wc_silabs_sha_t* sha, byte* hash);
+
+
+
+#endif /* defined(WOLFSSL_SILABS_SE_ACCEL) */
+
+#endif /* _SILABS_HASH_H_ */
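Review bot: The guard that enables `WOLFSSL_SILABS_SHA512` in silabs_hash.h tests `!defined(NO_SHA384)`, the same condition as the SHA-384 guard directly above it, which looks like a copy-paste slip. As written, a build that turns SHA-384 off also loses the hardware SHA-512 path, and a build that turns SHA-512 off still gets the `sha512_ctx` union member. The second condition should test whichever macro disables SHA-512 in this tree. If the coupling is intentional, a one-line comment saying so would stop the next reader from "fixing" it.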
diff --git a/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_random.h b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_random.h
new file mode 100644
index 00000000..dd095787
--- /dev/null
+++ b/source/libs/libwolfssl/wolfcrypt/port/silabs/silabs_random.h
@@ -0,0 +1,35 @@
+/* silabs_random.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef _SILABS_RANDOM_H_
+#define _SILABS_RANDOM_H_
+
+
+#if defined(WOLFSSL_SILABS_SE_ACCEL)
+
+#include
+
+int silabs_GenerateRand(byte* output, word32 sz);
+
+#endif /* WOLFSSL_SILABS_SE_ACCEL */
+
+#endif /* _SILABS_RANDOM_H_ */
diff --git a/source/libs/libwolfssl/wolfcrypt/random.h b/source/libs/libwolfssl/wolfcrypt/random.h
index ea3e61b3..27aeebdd 100644
--- a/source/libs/libwolfssl/wolfcrypt/random.h
+++ b/source/libs/libwolfssl/wolfcrypt/random.h
@@ -225,7 +225,12 @@ WOLFSSL_API int wc_FreeRng(WC_RNG*); #define wc_InitRng_ex(rng, h, d) NOT_COMPILED_IN #define wc_InitRngNonce(rng, n, s) NOT_COMPILED_IN #define wc_InitRngNonce_ex(rng, n, s, h, d) NOT_COMPILED_IN +#if defined(__ghs__) || defined(WC_NO_RNG_SIMPLE) +/* some older compilers do not like macro function in expression */ +#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN +#else #define wc_RNG_GenerateBlock(rng, b, s) ({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;}) +#endif #define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN #define wc_FreeRng(rng) (void)NOT_COMPILED_IN #endif diff --git a/source/libs/libwolfssl/wolfcrypt/rsa.h b/source/libs/libwolfssl/wolfcrypt/rsa.h index 0c63cc0d..399acc1e 100644 --- a/source/libs/libwolfssl/wolfcrypt/rsa.h +++ b/source/libs/libwolfssl/wolfcrypt/rsa.h @@ -141,8 +141,9 @@ enum { RSA_PSS_SALT_LEN_DISCOVER = -2, #endif -#ifdef HAVE_PKCS11 +#ifdef WOLF_CRYPTO_CB RSA_MAX_ID_LEN = 32, + RSA_MAX_LABEL_LEN = 32, #endif }; @@ -184,9 +185,11 @@ struct RsaKey { byte* mod; XSecure_Rsa xRsa; #endif -#ifdef HAVE_PKCS11 +#ifdef WOLF_CRYPTO_CB byte id[RSA_MAX_ID_LEN]; int idLen; + char label[RSA_MAX_LABEL_LEN]; + int labelLen; #endif #if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE) byte dataIsAlloc; @@ -213,9 +216,11 @@ struct RsaKey { WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap); WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); -#ifdef HAVE_PKCS11 +#ifdef WOLF_CRYPTO_CB WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, int devId); +WOLFSSL_API int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, + int devId); #endif WOLFSSL_API int wc_CheckRsaKey(RsaKey* key); #ifdef WOLFSSL_XILINX_CRYPT 
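Review bot: `wc_InitRsaKey_Label` in the last rsa.h hunk on this line takes a bare `const char* label` with no length, while the destination added to `struct RsaKey` two hunks earlier is the fixed array `char label[RSA_MAX_LABEL_LEN]` with `RSA_MAX_LABEL_LEN = 32`. The header should state the limit next to the prototype, for example `/* label: NUL-terminated, at most RSA_MAX_LABEL_LEN bytes; longer labels are rejected */`, and say whether the terminator counts toward the 32. The implementation is not visible here, so whether it rejects or truncates an over-long label needs checking before that comment is written. `wc_InitRsaKey_Id` beside it passes `len` explicitly, which makes the missing bound on the label variant easy to overlook.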
@@ -246,6 +251,9 @@ WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int pad_type); +WOLFSSL_API int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, int pad_type, + enum wc_HashType hash); WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out, enum wc_HashType hash, int mgf, RsaKey* key); @@ -367,6 +375,8 @@ WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** ou int mgf, byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); +WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType); + #endif /* HAVE_USER_RSA */ #ifdef __cplusplus diff --git a/source/libs/libwolfssl/wolfcrypt/settings.h b/source/libs/libwolfssl/wolfcrypt/settings.h index df57b1fd..51a0d38b 100644 --- a/source/libs/libwolfssl/wolfcrypt/settings.h +++ b/source/libs/libwolfssl/wolfcrypt/settings.h @@ -225,10 +225,9 @@ #include "user_settings.h" #elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H) /* STM Configuration File (generated by CubeMX) */ - #include "wolfSSL.wolfSSL_conf.h" + #include "wolfSSL.I-CUBE-wolfSSL_conf.h" #endif - /* make sure old RNG name is used with CTaoCrypt FIPS */ #ifdef HAVE_FIPS #if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2) @@ -358,12 +357,13 @@ #define NO_FILESYSTEM #define USE_FAST_MATH #define TFM_TIMING_RESISTANT - #define WOLFSSL_HAVE_MIN - #define WOLFSSL_HAVE_MAX #define NO_BIG_INT #endif #ifdef WOLFSSL_MICROCHIP_PIC32MZ + #define WOLFSSL_HAVE_MIN + #define WOLFSSL_HAVE_MAX + #ifndef NO_PIC32MZ_CRYPT #define WOLFSSL_PIC32MZ_CRYPT #endif 
@@ -678,17 +678,17 @@ extern void uITRON4_free(void *p) ; /* static char* gets(char *buff); */ static char* fgets(char *buff, int sz, XFILE fp) { - char * p = buff; - *p = '\0'; + char * s = buff; + *s = '\0'; while (1) { - *p = tm_getchar(-1); - tm_putchar(*p); - if (*p == '\r') { + *s = tm_getchar(-1); + tm_putchar(*s); + if (*s == '\r') { tm_putchar('\n'); - *p = '\0'; + *s = '\0'; break; } - p++; + s++; } return buff; } @@ -1070,7 +1070,9 @@ extern void uITRON4_free(void *p) ; #define ECC_TIMING_RESISTANT #undef HAVE_ECC + #ifndef WOLFCRYPT_FIPS_RAND #define HAVE_ECC + #endif #ifndef NO_AES #undef HAVE_AESCCM #define HAVE_AESCCM @@ -1165,7 +1167,9 @@ extern void uITRON4_free(void *p) ; #endif #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA + #ifndef WOLFCRYPT_FIPS_RAND #define FREESCALE_LTC_ECC + #endif #define FREESCALE_LTC_TFM /* the LTC PKHA hardware limit is 2048 bits (256 bytes) for integer arithmetic. @@ -1215,6 +1219,8 @@ extern void uITRON4_free(void *p) ; #define USE_CERT_BUFFERS_4096 #undef FP_MAX_BITS #define FP_MAX_BITS (8192) + #undef SP_INT_BITS + #define SP_INT_BITS (4096) #undef NO_DH #define NO_DH @@ -1387,11 +1393,18 @@ extern void uITRON4_free(void *p) ; #ifdef MICRIUM #include #include - #include - #include - #include + #if defined(RTOS_MODULE_NET_AVAIL) || (APP_CFG_TCPIP_EN == DEF_ENABLED) + #include + #include + #if (OS_VERSION < 50000) + #include + #endif + #endif #include #include + #include + #include + #include #define USE_FAST_MATH #define TFM_TIMING_RESISTANT @@ -1415,7 +1428,7 @@ extern void uITRON4_free(void *p) ; #define NO_WOLFSSL_DIR #define NO_WRITEV - #ifndef CUSTOM_RAND_GENERATE + #if ! defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(CUSTOM_RAND_GENERATE) #define CUSTOM_RAND_TYPE RAND_NBR #define CUSTOM_RAND_GENERATE Math_Rand #endif 
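Review bot: The `fgets` replacement in the first settings.h hunk on this line never looks at its `sz` parameter, so the `while (1)` loop keeps writing through `s` until a `'\r'` arrives and a longer input line runs past the end of `buff`. The rename from `p` to `s` leaves that untouched. The loop needs a bound and a terminator on the bounded exit: `if (buff == NULL || sz <= 0) return NULL;` before the first store, `while (s - buff < sz - 1) {` as the loop head, and `*s = '\0';` just before `return buff;`. The whole function is inside the hunk, so the fix is local.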
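Review bot: In the last hunk on this line, the Micrium default `#define CUSTOM_RAND_GENERATE Math_Rand` still applies to every build that does not define `WOLFSSL_SILABS_SE_ACCEL`, and nothing next to it says that this default is a placeholder. As far as I know `Math_Rand` is the general-purpose pseudo-random routine from the Micrium library rather than an entropy source, so seeding the wolfCrypt RNG from it would make keys and nonces predictable. I would add a comment above the define, `/* Math_Rand is not a cryptographic entropy source; production builds must define CUSTOM_RAND_GENERATE to a hardware TRNG */`. The enclosing `#ifdef MICRIUM` block starts and ends outside the hunk.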
@@ -1445,10 +1458,25 @@ extern void uITRON4_free(void *p) ; (CPU_SIZE_T)(size))) #define XMEMCPY(pdest, psrc, size) ((void)Mem_Copy((void *)(pdest), \ (void *)(psrc), (CPU_SIZE_T)(size))) - #define XMEMCMP(pmem_1, pmem_2, size) \ - (((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \ - (void *)(pmem_2), \ + + #if (OS_VERSION < 50000) + #define XMEMCMP(pmem_1, pmem_2, size) \ + (((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \ + (void *)(pmem_2), \ (CPU_SIZE_T)(size))) ? DEF_NO : DEF_YES) + #else + /* Work around for Micrium OS version 5.8 change in behavior + * that returns DEF_NO for 0 size compare + */ + #define XMEMCMP(pmem_1, pmem_2, size) \ + (( (size < 1 ) || \ + ((CPU_BOOLEAN)Mem_Cmp((void *)(pmem_1), \ + (void *)(pmem_2), \ + (CPU_SIZE_T)(size)) == DEF_YES)) \ + ? 0 : 1) + #define XSNPRINTF snprintf + #endif + #define XMEMMOVE XMEMCPY #if (OS_CFG_MUTEX_EN == DEF_DISABLED) @@ -1746,6 +1774,21 @@ extern void uITRON4_free(void *p) ; #endif #endif +/* The minimum allowed ECC key size */ +/* Note: 224-bits is equivelant to 2048-bit RSA */ +#ifndef ECC_MIN_KEY_SZ + #ifdef WOLFSSL_MIN_ECC_BITS + #define ECC_MIN_KEY_SZ WOLFSSL_MIN_ECC_BITS + #else + #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2 + /* FIPSv2 and ready (for now) includes 192-bit support */ + #define ECC_MIN_KEY_SZ 192 + #else + #define ECC_MIN_KEY_SZ 224 + #endif + #endif +#endif + /* ECC Configs */ #ifdef HAVE_ECC /* By default enable Sign, Verify, DHE, Key Import and Key Export unless explicitly disabled */ @@ -1929,6 +1972,11 @@ extern void uITRON4_free(void *p) ; #error "FFDHE parameters are too large for FP_MAX_BIT as set" #endif #endif +#if defined(HAVE_FFDHE) && defined(SP_INT_BITS) + #if MIN_FFDHE_FP_MAX_BITS > SP_INT_BITS * 2 + #error "FFDHE parameters are too large for SP_INT_BIT as set" + #endif +#endif /* if desktop type system and fastmath increase default max bits */ #ifdef WOLFSSL_X86_64_BUILD 
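Review bot: The new Micrium OS 5 variant of `XMEMCMP` in the first hunk on this line uses its `size` argument unparenthesized in `(size < 1 )` and expands it twice, once in that test and once in the `Mem_Cmp` call. An argument such as `a ? b : c` would parse differently from what the caller wrote, and one with a side effect would be evaluated twice. Writing the test as `(((size) < 1) || \` fixes the precedence problem. The double evaluation deserves a one-line comment on the macro, since `XMEMCMP` is what the library uses to compare MACs and digests. The surrounding `#ifdef MICRIUM` block continues outside the hunk.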
@@ -1939,6 +1987,13 @@ extern void uITRON4_free(void *p) ; #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS #endif #endif + #if defined(WOLFSSL_SP_MATH_ALL) && !defined(SP_INT_BITS) + #if MIN_FFDHE_FP_MAX_BITS <= 8192 + #define SP_INT_BITS 4096 + #else + #define PS_INT_BITS MIN_FFDHE_FP_MAX_BITS / 2 + #endif + #endif #endif /* If using the max strength build, ensure OLD TLS is disabled. */ @@ -2118,8 +2173,8 @@ extern void uITRON4_free(void *p) ; #ifndef USE_WOLF_STRTOK #define USE_WOLF_STRTOK #endif - #ifndef WOLFSSL_SP_MOD_WORD_RP - #define WOLFSSL_SP_MOD_WORD_RP + #ifndef WOLFSSL_SP_DIV_WORD_HALF + #define WOLFSSL_SP_DIV_WORD_HALF #endif #ifndef WOLFSSL_OLD_PRIME_CHECK #define WOLFSSL_OLD_PRIME_CHECK @@ -2138,12 +2193,6 @@ extern void uITRON4_free(void *p) ; #ifndef WOLFSSL_SP_DIV_WORD_HALF #define WOLFSSL_SP_DIV_WORD_HALF #endif - #ifndef SP_HALF_SIZE - #define SP_HALF_SIZE 32 - #endif - #ifndef SP_HALF_MAX - #define SP_HALF_MAX 4294967295U - #endif #endif @@ -2154,7 +2203,8 @@ extern void uITRON4_free(void *p) ; #undef HAVE_GMTIME_R /* don't trust macro with windows */ #endif /* WOLFSSL_MYSQL_COMPATIBLE */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(HAVE_LIGHTY) #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION #define OPENSSL_NO_ENGINE #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT @@ -2175,7 +2225,7 @@ extern void uITRON4_free(void *p) ; #endif #endif -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +#ifdef HAVE_SNI #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #endif 
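Review bot: The `#else` branch added in the first hunk on this line defines `PS_INT_BITS`, not `SP_INT_BITS`, so when `MIN_FFDHE_FP_MAX_BITS` is above 8192 the macro this block exists to set stays undefined. The `SP_INT_BITS` consumers later in the diff would then size `SP_INT_DIGITS` from the feature-based defaults instead of the FFDHE requirement, and the big-integer storage would be too small for the configured FFDHE group. The expansion is also unparenthesized, so it would misparse in an expression like `SP_INT_BITS * 2`. The line should read `#define SP_INT_BITS (MIN_FFDHE_FP_MAX_BITS / 2)`.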
@@ -2248,17 +2298,23 @@ extern void uITRON4_free(void *p) ; #endif /* Parts of the openssl compatibility layer require peer certs */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ + || defined(HAVE_LIGHTY) #undef KEEP_PEER_CERT #define KEEP_PEER_CERT #endif -/* RAW hash function APIs are not implemented with ARMv8 hardware acceleration*/ -#ifdef WOLFSSL_ARMASM +/* RAW hash function APIs are not implemented */ +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AFALG_HASH) #undef WOLFSSL_NO_HASH_RAW #define WOLFSSL_NO_HASH_RAW #endif +/* XChacha not implemented with ARM assembly ChaCha */ +#if defined(WOLFSSL_ARMASM) + #undef HAVE_XCHACHA +#endif + #if !defined(WOLFSSL_SHA384) && !defined(WOLFSSL_SHA512) && defined(NO_AES) && \ !defined(WOLFSSL_SHA3) #undef WOLFSSL_NO_WORD64_OPS @@ -2297,7 +2353,8 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \ !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \ - defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_RSA_PUBLIC_ONLY) + (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + defined(WOLFSSL_RSA_PUBLIC_ONLY) #undef WOLFSSL_NO_FORCE_ZERO #define WOLFSSL_NO_FORCE_ZERO #endif @@ -2323,6 +2380,13 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_SMALL_STACK #endif +#ifdef WOLFSSL_SMALL_STACK_STATIC + #undef WOLFSSL_SMALL_STACK_STATIC + #define WOLFSSL_SMALL_STACK_STATIC static +#else + #define WOLFSSL_SMALL_STACK_STATIC +#endif + /* The client session cache requires time for timeout */ #if defined(NO_ASN_TIME) && !defined(NO_SESSION_CACHE) #define NO_SESSION_CACHE diff --git a/source/libs/libwolfssl/wolfcrypt/sha.h b/source/libs/libwolfssl/wolfcrypt/sha.h index a9d10257..4d42ea7f 100644 --- a/source/libs/libwolfssl/wolfcrypt/sha.h +++ b/source/libs/libwolfssl/wolfcrypt/sha.h 
@@ -75,6 +75,9 @@ #ifdef WOLFSSL_IMXRT_DCP #include #endif +#if defined(WOLFSSL_SILABS_SE_ACCEL) + #include +#endif #if !defined(NO_OLD_SHA_NAMES) #define SHA WC_SHA @@ -114,6 +117,8 @@ struct wc_Sha { ltc_hash_ctx_t ctx; #elif defined(STM32_HASH) STM32_HASH_Context stmCtx; +#elif defined(WOLFSSL_SILABS_SE_ACCEL) + wc_silabs_sha_t silabsCtx; #else word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ diff --git a/source/libs/libwolfssl/wolfcrypt/sha256.h b/source/libs/libwolfssl/wolfcrypt/sha256.h index c421fd07..1ae4f74d 100644 --- a/source/libs/libwolfssl/wolfcrypt/sha256.h +++ b/source/libs/libwolfssl/wolfcrypt/sha256.h @@ -88,6 +88,9 @@ #if defined(WOLFSSL_CRYPTOCELL) #include #endif +#if defined(WOLFSSL_SILABS_SE_ACCEL) + #include +#endif #if defined(_MSC_VER) #define SHA256_NOINLINE __declspec(noinline) @@ -138,6 +141,8 @@ struct wc_Sha256 { ltc_hash_ctx_t ctx; #elif defined(STM32_HASH_SHA2) STM32_HASH_Context stmCtx; +#elif defined(WOLFSSL_SILABS_SE_ACCEL) + wc_silabs_sha_t silabsCtx; #else /* alignment on digest and buffer speeds up ARMv8 crypto operations */ ALIGN16 word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; diff --git a/source/libs/libwolfssl/wolfcrypt/sha3.h b/source/libs/libwolfssl/wolfcrypt/sha3.h index 02be26fb..d580c42b 100644 --- a/source/libs/libwolfssl/wolfcrypt/sha3.h +++ b/source/libs/libwolfssl/wolfcrypt/sha3.h @@ -90,7 +90,7 @@ enum { #else /* Sha3 digest */ -struct Sha3 { +struct wc_Sha3 { /* State data that is processed for each block. */ word64 s[25]; /* Unprocessed message data. */ @@ -109,7 +109,7 @@ struct Sha3 { }; #ifndef WC_SHA3_TYPE_DEFINED - typedef struct Sha3 wc_Sha3; + typedef struct wc_Sha3 wc_Sha3; #define WC_SHA3_TYPE_DEFINED #endif diff --git a/source/libs/libwolfssl/wolfcrypt/sha512.h b/source/libs/libwolfssl/wolfcrypt/sha512.h index 44fa85fb..e68b7cd8 100644 --- a/source/libs/libwolfssl/wolfcrypt/sha512.h +++ b/source/libs/libwolfssl/wolfcrypt/sha512.h 
@@ -76,6 +76,10 @@ #ifdef WOLFSSL_ESP32WROOM32_CRYPT #include #endif +#if defined(WOLFSSL_SILABS_SE_ACCEL) + #include +#endif + #if defined(_MSC_VER) #define SHA512_NOINLINE __declspec(noinline) #elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) @@ -136,6 +140,10 @@ struct wc_Sha512 { !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) WC_ESP32SHA ctx; #endif +#if defined(WOLFSSL_SILABS_SE_ACCEL) + wc_silabs_sha_t silabsCtx; +#endif + #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) word32 flags; /* enum wc_HashFlags in hash.h */ #endif diff --git a/source/libs/libwolfssl/wolfcrypt/sp_int.h b/source/libs/libwolfssl/wolfcrypt/sp_int.h index ee574608..6092d5d0 100644 --- a/source/libs/libwolfssl/wolfcrypt/sp_int.h +++ b/source/libs/libwolfssl/wolfcrypt/sp_int.h 
@@ -28,10 +28,120 @@ This library provides single precision (SP) integer math functions. #define WOLF_CRYPT_SP_INT_H #ifndef WOLFSSL_LINUXKM -#include #include #endif +#ifdef __cplusplus +extern "C" { +#endif + +/* Find smallest type for smallest bits. */ +#if UCHAR_MAX == 255 + #define SP_UCHAR_BITS 8 + + typedef unsigned char sp_uint8; + typedef char sp_int8; +#elif UCHAR_MAX == 127 + #define SP_UCHAR_BITS 7 + + typedef unsigned char sp_uint7; + typedef char sp_int7; +#else + #error "Size of unsigned short not detected" +#endif + +#if USHRT_MAX == 65535 + #define SP_USHORT_BITS 16 + + typedef unsigned short sp_uint16; + typedef short sp_int16; +#elif USHRT_MAX == 255 + #define SP_USHORT_BITS 8 + + #if USHRT_MAX > UCHAR_MAX + typedef unsigned short sp_uint8; + typedef short sp_int8; + #endif +#else + #error "Size of unsigned short not detected" +#endif + +#if UINT_MAX == 4294967295UL + #define SP_UINT_BITS 32 + + typedef unsigned int sp_uint32; + typedef int sp_int32; +#elif UINT_MAX == 65535 + #define SP_UINT_BITS 16 + + #if UINT_MAX > USHRT_MAX + typedef unsigned int sp_uint16; + typedef int sp_int16; + #endif +#elif UINT_MAX == 255 + #define SP_UINT_BITS 8 + + #if UINT_MAX > USHRT_MAX + typedef unsigned int sp_uint8; + typedef int sp_int8; + #endif +#else + #error "Size of unsigned int not detected" +#endif + +#if ULONG_MAX == 18446744073709551615UL + #define SP_ULONG_BITS 64 + + typedef unsigned long sp_uint64; + typedef long sp_int64; +#elif ULONG_MAX == 4294967295UL + #define SP_ULONG_BITS 32 + + #if ULONG_MAX > UINT_MAX + typedef unsigned long sp_uint32; + typedef long sp_int32; + #endif +#elif ULONG_MAX == 65535 + #define SP_ULONG_BITS 16 + + #if ULONG_MAX > UINT_MAX + typedef unsigned long sp_uint16; + typedef long sp_int16; + #endif +#else + #error "Size of unsigned long not detected" +#endif + +#if ULLONG_MAX == 18446744073709551615UL + #define SP_ULLONG_BITS 64 + + #if SP_ULLONG_BITS > SP_ULONG_BITS + typedef unsigned long long sp_uint64; + typedef 
long long sp_int64; + #endif +#elif ULLONG_MAX == 4294967295UL + #define SP_ULLONG_BITS 32 + + #if SP_ULLONG_BITS > SP_ULONG_BITS + typedef unsigned long long sp_uint32; + typedef long long sp_int32; + #endif +#elif ULLONG_MAX == 65535 + #define SP_ULLONG_BITS 16 + + #if SP_ULLONG_BITS > SP_ULONG_BITS + typedef unsigned long long sp_uint16; + typedef long long sp_int16; + #endif +#else + #error "Size of unsigned long long not detected" +#endif + + +#ifdef WOLFSSL_SP_DIV_32 +#define WOLFSSL_SP_DIV_WORD_HALF +#endif + /* Make sure WOLFSSL_SP_ASM build option defined when requested */ #if !defined(WOLFSSL_SP_ASM) && ( \ defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_ARM32_ASM) || \ 
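Review bot: The integer-width detection added at the top of sp_int.h ends in a chain of `#if ULLONG_MAX == …` tests with a final `#error "Size of unsigned long long not detected"`, and that chain has no `#ifdef ULLONG_MAX` around it. On a toolchain whose limits header does not define `ULLONG_MAX`, every comparison sees the undefined macro as 0 and the build stops at the `#error`, even when `sp_uint64` was already provided by `unsigned long` a few lines earlier. Wrapping the block in `#ifdef ULLONG_MAX` … `#endif` keeps the check where the type exists and lets older compilers through. The same applies to the other `*_MAX` tests when `WOLFSSL_LINUXKM` is defined, because the include just above the block is then skipped. The message in the `UCHAR_MAX` branch also says "unsigned short" where it means "unsigned char".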
@@ -41,19 +151,47 @@ This library provides single precision (SP) integer math functions. #endif -#ifdef WOLFSSL_SP_X86_64_ASM - #define SP_WORD_SIZE 64 - - #define HAVE_INTEL_AVX1 - #define HAVE_INTEL_AVX2 -#elif defined(WOLFSSL_SP_ARM64_ASM) - #define SP_WORD_SIZE 64 -#elif defined(WOLFSSL_SP_ARM32_ASM) +/* Detemine the number of bits to use in each word. */ +#ifdef SP_WORD_SIZE +#elif defined(WOLFSSL_DSP_BUILD) #define SP_WORD_SIZE 32 -#elif defined(WOLFSSL_SP_ARM_THUMB_ASM) +#elif defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_X86_64) + #if SP_ULONG_BITS == 64 + #define SP_WORD_SIZE 64 + #define HAVE_INTEL_AVX1 + #define HAVE_INTEL_AVX2 + #elif SP_ULONG_BITS == 32 + #define SP_WORD_SIZE 32 + #undef WOLFSSL_SP_ASM + #elif SP_ULONG_BITS == 16 + #define SP_WORD_SIZE 16 + #undef WOLFSSL_SP_ASM + #endif +#elif defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM64) + #define SP_WORD_SIZE 64 +#elif defined(WOLFSSL_SP_ARM32_ASM) || defined(WOLFSSL_SP_ARM32) #define SP_WORD_SIZE 32 +#elif defined(WOLFSSL_SP_ARM_THUMB_ASM) || defined(WOLFSSL_SP_ARM_THUMB) + #define SP_WORD_SIZE 32 +#elif defined(WOLFSSL_SP_PPC) + #define SP_WORD_SIZE 32 +#elif defined(WOLFSSL_SP_PPC64) + #define SP_WORD_SIZE 64 +#elif defined(WOLFSSL_SP_MIPS) + #define SP_WORD_SIZE 32 +#elif defined(WOLFSSL_SP_MIPS64) + #define SP_WORD_SIZE 64 +#elif defined(WOLFSSL_SP_RISCV32) + #define SP_WORD_SIZE 32 +#elif defined(WOLFSSL_SP_RISCV64) + #define SP_WORD_SIZE 64 +#elif defined(WOLFSSL_SP_S390X) + #define SP_WORD_SIZE 64 #endif +/* If no predefined or assembly required size then use maximum available + * with compiler. + */ #ifndef SP_WORD_SIZE #if defined(NO_64BIT) || !defined(HAVE___UINT128_T) #define SP_WORD_SIZE 32 
@@ -62,63 +200,109 @@ This library provides single precision (SP) integer math functions. #endif #endif -#ifdef WOLFSSL_DSP_BUILD - typedef int32 sp_digit; - typedef uint32 sp_int_digit; - typedef uint64 sp_int_word; - typedef int64 sp_int_sword; - #undef SP_WORD_SIZE - #define SP_WORD_SIZE 32 -#elif !defined(WOLFSSL_SP_ASM) - #if SP_WORD_SIZE == 32 - typedef int32_t sp_digit; - typedef uint32_t sp_int_digit; - typedef uint64_t sp_int_word; - typedef int64_t sp_int_sword; - #elif SP_WORD_SIZE == 64 - typedef int64_t sp_digit; - typedef uint64_t sp_int_digit; +/* Number of bytes in each word. */ +#define SP_WORD_SIZEOF (SP_WORD_SIZE / 8) + +/* Define the types used. */ +#ifdef HAVE___UINT128_T #ifdef __SIZEOF_INT128__ - typedef __uint128_t uint128_t; - typedef __int128_t int128_t; + typedef __uint128_t sp_uint128; + typedef __int128_t sp_int128; #else - typedef unsigned long uint128_t __attribute__ ((mode(TI))); - typedef long int128_t __attribute__ ((mode(TI))); + typedef unsigned long sp_uint128 __attribute__ ((mode(TI))); + typedef long sp_int128 __attribute__ ((mode(TI))); #endif - typedef uint128_t sp_int_word; - typedef int128_t sp_int_sword; - #endif -#else - #if SP_WORD_SIZE == 32 - typedef uint32_t sp_digit; - typedef uint32_t sp_int_digit; - typedef uint64_t sp_int_word; - typedef int64_t sp_int_sword; - #elif SP_WORD_SIZE == 64 - typedef uint64_t sp_digit; - typedef uint64_t sp_int_digit; - #ifdef __SIZEOF_INT128__ - typedef __uint128_t uint128_t; - typedef __int128_t int128_t; - #else - typedef unsigned long uint128_t __attribute__ ((mode(TI))); - typedef long int128_t __attribute__ ((mode(TI))); + #ifndef WOLFSSL_UINT128_T_DEFINED + #ifdef __SIZEOF_INT128__ + typedef __uint128_t uint128_t; + typedef __int128_t int128_t; + #else + typedef unsigned long uint128_t __attribute__ ((mode(TI))); + typedef long int128_t __attribute__ ((mode(TI))); + #endif + #define WOLFSSL_UINT128_T_DEFINED #endif - typedef uint128_t sp_int_word; - typedef int128_t 
sp_int_sword; - #endif #endif -#if SP_WORD_SIZE == 32 - #define SP_MASK ((sp_int_digit)0xffffffffU) +#if SP_WORD_SIZE == 8 + typedef sp_uint8 sp_int_digit; + typedef sp_int8 sp_sint_digit; + typedef sp_uint16 sp_int_word; + typedef sp_int16 sp_int_sword; + + #define SP_MASK 0xffU +#elif SP_WORD_SIZE == 16 + typedef sp_uint16 sp_int_digit; + typedef sp_int16 sp_sint_digit; + typedef sp_uint32 sp_int_word; + typedef sp_int32 sp_int_sword; + + #define SP_MASK 0xffffU +#elif SP_WORD_SIZE == 32 + typedef sp_uint32 sp_int_digit; + typedef sp_int32 sp_sint_digit; + typedef sp_uint64 sp_int_word; + typedef sp_int64 sp_int_sword; + + #define SP_MASK 0xffffffffU #elif SP_WORD_SIZE == 64 - #define SP_MASK ((sp_int_digit)0xffffffffffffffffUL) + typedef sp_uint64 sp_int_digit; + typedef sp_int64 sp_sint_digit; + typedef sp_uint128 sp_int_word; + typedef sp_int128 sp_int_sword; + + #define SP_MASK 0xffffffffffffffffUL #else #error Word size not defined #endif +/* Define an SP digit. */ +#ifndef WOLFSSL_SP_ASM + /* SP C code uses n/m bits and therefore needs a signed type. */ + #if SP_WORD_SIZE == 8 + typedef sp_int8 sp_digit; + #elif SP_WORD_SIZE == 16 + typedef sp_int16 sp_digit; + #elif SP_WORD_SIZE == 32 + typedef sp_int32 sp_digit; + #elif SP_WORD_SIZE == 64 + typedef sp_int64 sp_digit; + #endif +#else + /* SP ASM code uses full size and needs an unsigned type. */ + #if SP_WORD_SIZE == 8 + typedef sp_uint8 sp_digit; + #elif SP_WORD_SIZE == 16 + typedef sp_uint16 sp_digit; + #elif SP_WORD_SIZE == 32 + typedef sp_uint32 sp_digit; + #elif SP_WORD_SIZE == 64 + typedef sp_uint64 sp_digit; + #endif +#endif + +/** Number of bits in a half a word. */ +#define SP_HALF_SIZE (SP_WORD_SIZE / 2) +/** Maximum value that can be held in a half a word. */ +#define SP_HALF_MAX (((sp_digit)1 << SP_HALF_SIZE) - 1) +/** Maximum value that can be held in a word. */ +#define SP_DIGIT_MAX SP_MASK +/* Number of bits to shift to divide by word size. 
*/ +#if SP_WORD_SIZE == 8 + #define SP_WORD_SHIFT 3 +#elif SP_WORD_SIZE == 16 + #define SP_WORD_SHIFT 4 +#elif SP_WORD_SIZE == 32 + #define SP_WORD_SHIFT 5 +#elif SP_WORD_SIZE == 64 + #define SP_WORD_SHIFT 6 +#endif +/* Mask of word size. */ +#define SP_WORD_MASK (SP_WORD_SIZE - 1) + #if defined(WOLFSSL_HAVE_SP_ECC) && defined(WOLFSSL_SP_NONBLOCK) +/* Non-blocking ECC operation context. */ typedef struct sp_ecc_ctx { #ifdef WOLFSSL_SP_384 byte data[48*80]; /* stack data */ 
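Review bot: In the rewritten type block of sp_int.h, `sp_uint128` and `sp_int128` are declared only under `#ifdef HAVE___UINT128_T`, but the `SP_WORD_SIZE == 64` branch uses them unconditionally in `typedef sp_uint128 sp_int_word;`. A build that forces a 64-bit word without that macro would fail with an unknown-type error. That can happen through one of the 64-bit architecture selectors in the previous hunk, or through a user-supplied `SP_WORD_SIZE`. A guard at the top of the 64-bit branch would turn this into a clear configuration error: `#ifndef HAVE___UINT128_T`, `#error "SP_WORD_SIZE 64 requires a 128-bit integer type"`, `#endif`. If the assembly builds are meant to work without a double-width type, the `sp_int_word` typedefs should be made conditional instead.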
@@ -128,186 +312,590 @@ typedef struct sp_ecc_ctx { } sp_ecc_ctx_t; #endif -#ifdef WOLFSSL_SP_MATH +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) #include -#if !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) - #if !defined(NO_PWDBASED) && defined(WOLFSSL_SHA512) - #define SP_INT_DIGITS ((512 + SP_WORD_SIZE) / SP_WORD_SIZE) - #elif defined(WOLFSSL_SP_384) - #define SP_INT_DIGITS ((384 + SP_WORD_SIZE) / SP_WORD_SIZE) +#ifdef SP_INT_BITS + /* Calculate number of digits to have in an sp_int based maximum size of + * numbers in bits that will be used. + * Double the size to hold multiplication result. + * Add one to accommodate extra digit used by sp_mul(), sp_mulmod(), sp_sqr(), and sp_sqrmod(). + */ + #define SP_INT_DIGITS \ + ((((SP_INT_BITS + (SP_WORD_SIZE - 1)) * 2 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) +#endif + +#ifndef SP_INT_DIGITS + /* Calculate number of digits to have in an sp_int based on features + * compiled in. + */ + #if !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) && \ + !defined(WOLFSSL_HAVE_SP_ECC) + #if !defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA) + #define SP_INT_DIGITS (((6144 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #elif defined(HAVE_ECC) + #define SP_INT_DIGITS \ + (((2 * ( 521 + SP_WORD_SIZE) + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #elif !defined(NO_PWDBASED) && defined(WOLFSSL_SHA512) + #define SP_INT_DIGITS ((( 512 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #else + #define SP_INT_DIGITS ((( 256 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #endif + #elif !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) + #ifdef WOLFSSL_SP_MATH_ALL + #define SP_INT_DIGITS \ + (((2 * ( 521 + SP_WORD_SIZE) + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #elif defined(WOLFSSL_SP_384) + #define SP_INT_DIGITS ((( 768 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #else + #define SP_INT_DIGITS ((( 512 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #endif + #elif defined(WOLFSSL_SP_4096) + #if defined(WOLFSSL_HAVE_SP_DH) + #define 
SP_INT_DIGITS (((8192 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #else + #define SP_INT_DIGITS (((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #endif + #elif !defined(WOLFSSL_SP_NO_3072) + #if defined(WOLFSSL_HAVE_SP_DH) + #define SP_INT_DIGITS (((6144 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #else + #define SP_INT_DIGITS (((3072 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #endif #else - #define SP_INT_DIGITS ((256 + SP_WORD_SIZE) / SP_WORD_SIZE) - #endif -#elif defined(WOLFSSL_SP_4096) - #if defined(WOLFSSL_HAVE_SP_DH) - #define SP_INT_DIGITS ((8192 + SP_WORD_SIZE) / SP_WORD_SIZE) - #else - #define SP_INT_DIGITS ((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) - #endif -#elif !defined(WOLFSSL_SP_NO_3072) - #if defined(WOLFSSL_HAVE_SP_DH) - #define SP_INT_DIGITS ((6144 + SP_WORD_SIZE) / SP_WORD_SIZE) - #else - #define SP_INT_DIGITS ((3072 + SP_WORD_SIZE) / SP_WORD_SIZE) - #endif -#else - #if defined(WOLFSSL_HAVE_SP_DH) - #define SP_INT_DIGITS ((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) - #else - #define SP_INT_DIGITS ((2048 + SP_WORD_SIZE) / SP_WORD_SIZE) + #if defined(WOLFSSL_HAVE_SP_DH) + #define SP_INT_DIGITS (((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #else + #define SP_INT_DIGITS (((2048 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) + #endif #endif #endif -#define sp_isodd(a) ((a)->used != 0 && ((a)->dp[0] & 1)) -#define sp_iseven(a) ((a)->used != 0 && ((a)->dp[0] & 1) == 0) -#define sp_iszero(a) ((a)->used == 0) -#define sp_isone(a) ((a)->used == 1 && (a)->dp[0] == 1) -#define sp_abs(a, b) sp_copy(a, b) +#ifndef SP_INT_MAX_BITS + /* Convert number digits to number of bits. */ + #define SP_INT_MAX_BITS (SP_INT_DIGITS * SP_WORD_SIZE) +#endif + + +/* For debugging only - format string for different digit sizes. 
*/ +#if SP_WORD_SIZE == 64 + #if SP_ULONG_BITS == 64 + #define SP_PRINT_FMT "%016lx" + #else + #define SP_PRINT_FMT "%016llx" + #endif +#elif SP_WORD_SIZE == 32 + #if SP_UINT_BITS == 32 + #define SP_PRINT_FMT "%08x" + #else + #define SP_PRINT_FMT "%08lx" + #endif +#elif SP_WORD_SIZE == 16 + #define SP_PRINT_FMT "%04x" +#elif SP_WORD_SIZE == 8 + #define SP_PRINT_FMT "%02x" +#endif + +#ifndef NO_FILESYSTEM +/* Output is formatted to be used with script that checks calculations. */ + +/* Print out a number in big endian. */ +#ifndef WOLFSSL_SP_INT_NEGATIVE +/* Print out a positive multi-precision number. + * + * @param [in] a SP integer to print. + * @param [in] s String that describes the use of the number. + */ +#define sp_print(a, s) \ + do { \ + int ii; \ + fprintf(stderr, "%s=0x0", s); \ + for (ii = (a)->used-1; ii >= 0; ii--) { \ + fprintf(stderr, SP_PRINT_FMT, (a)->dp[ii]); \ + } \ + fprintf(stderr, "\n"); \ + } \ + while (0) +#else +/* Print out a multi-precision number. + * + * @param [in] a SP integer to print. + * @param [in] s String that describes the use of the number. + */ +#define sp_print(a, s) \ + do { \ + int ii; \ + fprintf(stderr, "%s=0x", s); \ + if ((a)->sign == MP_NEG) { \ + fprintf(stderr, "-"); \ + } \ + fprintf(stderr, "0"); \ + for (ii = (a)->used-1; ii >= 0; ii--) { \ + fprintf(stderr, SP_PRINT_FMT, (a)->dp[ii]); \ + } \ + fprintf(stderr, "\n"); \ + } \ + while (0) +#endif + +/* Print out a single multi-precision digit. + * + * @param [in] a SP integer digit to print. + * @param [in] s String that describes the use of the number. + */ +#define sp_print_digit(a, s) \ + do { \ + fprintf(stderr, "%s=0x0", s); \ + fprintf(stderr, SP_PRINT_FMT, a); \ + fprintf(stderr, "\n"); \ + } \ + while (0) + +/* Print out an integer. + * + * @param [in] a Number to print. + * @param [in] s String that describes the use of the number. 
+ */ +#define sp_print_int(a, s) \ + do { \ + fprintf(stderr, "%s=0x0%x\n", s, a); \ + } \ + while (0) + +#else + + /* No filesystem, no output + * TODO: Use logging API? + */ + #define sp_print(a, s) + #define sp_print_digit(a, s) + #define sp_print_int(a, s) + +#endif + +/* Returns whether multi-precision number is odd + * + * Assumes a is not NULL. + * + * @param [in] a SP integer to check. + * @return 1 when odd. + * @return 0 when even. + */ +#define sp_isodd(a) (((a)->used != 0) && ((a)->dp[0] & 1)) +/* Returns whether multi-precision number is even + * + * Assumes a is not NULL. + * + * @param [in] a SP integer to check. + * @return 1 when even. + * @return 0 when odd. + */ +#define sp_iseven(a) (((a)->used != 0) && (((a)->dp[0] & 1) == 0)) +/* Returns whether multi-precision number has the value zero. + * + * Assumes a is not NULL. + * + * @param [in] a SP integer to check. + * @return 1 when zero. + * @return 0 when not zero. + */ +#define sp_iszero(a) ((a)->used == 0) +/* Returns whether multi-precision number has the value one. + * + * Assumes a is not NULL. + * + * @param [in] a SP integer to check. + * @return 1 when one. + * @return 0 when not one. + */ +#define sp_isone(a) (((a)->used == 1) && ((a)->dp[0] == 1)) +/* Returns whether multi-precision number has the value 'd'. + * + * Assumes a is not NULL. + * + * @param [in] a SP integer to check. + * @param [in] d SP integer digit. + * @return 1 when one. + * @return 0 when not one. + */ +#define sp_isword(a, d) (((a)->used == 1) && ((a)->dp[0] == d)) +#ifndef WOLFSSL_SP_INT_NEGATIVE +/* Calculate the absolute value of the multi-precision number. + * + * Negative support not compiled in so just copies. + * + * @param [in] a SP integer to calculate absolute value of. + * @param [out] r SP integer to hold result. + * + * @return MP_OKAY on success. + * @return MP_VAL when a or r is NULL. + */ +#define sp_abs(a, b) sp_copy(a, b) +/* Returns whether multi-precision number is negative. 
+ * + * Negative support not compiled in so always returns 0 (false). + * + * @param [in] a SP integer to check. + * @param [in] d SP integer digit. + * @return 0 indicating not negative always. + */ +#define sp_isneg(a) (0) +#else +/* Returns whether multi-precision number is negative. + * + * Assumes a is not NULL. + * + * @param [in] a SP integer to check. + * @param [in] d SP integer digit. + * @return 1 when negative. + * @return 0 when not negative. + */ +#define sp_isneg(a) ((a)->sign == MP_NEG) +#endif +/* Updates the used count to exclude leading zeros. + * + * Assumes a is not NULL. + * + * @param [in] a SP integer to update. + */ +#define sp_clamp(a) \ + do { \ + int ii; \ + for (ii = a->used - 1; ii >= 0 && a->dp[ii] == 0; ii--) { \ + } \ + a->used = ii + 1; \ + } while (0) + +/* Check the compiled and linked math implementation are the same. + * Use the number of bits in a digit as indication of how code was compiled. + * + * @return 1 when the number of bits are the same. + * @return 0 when the number of bits are differnt. + */ +#define CheckFastMathSettings() (SP_WORD_SIZE == CheckRunTimeFastMath()) + + +#ifdef WOLFSSL_SP_INT_NEGATIVE + #ifdef HAVE_WOLF_BIGINT + #define SP_INT_EXTRA_OVERHEAD sizeof(int) + sizeof(struct WC_BIGINT) + #else + #define SP_INT_EXTRA_OVERHEAD sizeof(int) + #endif +#elif defined(HAVE_WOLF_BIGINT) + #define SP_INT_EXTRA_OVERHEAD sizeof(struct WC_BIGINT) +#else + #define SP_INT_EXTRA_OVERHEAD 0 +#endif +#define WOLFSSL_SP_INT_OVERHEAD \ + (sizeof(int) + sizeof(int) + SP_INT_EXTRA_OVERHEAD) + +#define MP_INT_SIZEOF(cnt) \ + (WOLFSSL_SP_INT_OVERHEAD + ((cnt) * SP_WORD_SIZEOF)) + + +/** + * A reuslt of NO. + * e.g. Is prime? NO. + */ +#define MP_NO 0 +/** + * A reuslt of YES. + * e.g. Is prime? YES. + */ +#define MP_YES 1 + +#ifdef WOLFSSL_SP_INT_NEGATIVE +/** Number is 0/positive. */ +#define MP_ZPOS 0 +/** Number is negative. */ +#define MP_NEG 1 +#endif + +/** Radix is base 10 or decimal. 
*/ +#define MP_RADIX_DEC 10 +/** Radix is base 16 or hexadecimal. */ +#define MP_RADIX_HEX 16 + +/** Result of comparison is that the first number is greater than second. */ +#define MP_GT 1 +/** Result of comparison is they are equal. */ +#define MP_EQ 0 +/** Result of comparison is that the first number is less than second. */ +#define MP_LT -1 + +/** Error value on success. */ +#define MP_OKAY 0 +/** Error value when dynamic memory allocation fails. */ +#define MP_MEM -2 +/** Error value when value passed is not able to be used. */ +#define MP_VAL -3 +/** Error value when non-blocking operation is returning after partial + * completion. + */ +#define FP_WOULDBLOCK -4 + +/* Number of bits in each word/digit. */ +#define DIGIT_BIT SP_WORD_SIZE +/* Mask of all used bits in word/digit. */ +#define MP_MASK SP_MASK + #ifdef HAVE_WOLF_BIGINT - /* raw big integer */ + /* Raw big integer as a big-endian byte array. + * + * Useful for when using hardware - canonical format. + */ typedef struct WC_BIGINT { + /* Dynamically allocated buffer that is big-endian byte array. */ byte* buf; + /* Length of buffer in bytes. */ word32 len; + /* Hint for heap used to allocate buffer. */ void* heap; } WC_BIGINT; + + /* Ensure WC_BIGINT defined once. */ #define WOLF_BIGINT_DEFINED #endif + +/** + * SP integer. + * + * dp at end so user can allocate a smaller amount and set size. + */ typedef struct sp_int { + /** Number of words that contain data. */ int used; + /** Maximum number of words in data. */ int size; - sp_int_digit dp[SP_INT_DIGITS]; -#ifdef HAVE_WOLF_BIGINT - struct WC_BIGINT raw; /* unsigned binary (big endian) */ +#ifdef WOLFSSL_SP_INT_NEGATIVE + /** Indicates whether number is 0/positive or negative. */ + int sign; #endif +#ifdef HAVE_WOLF_BIGINT + /** Unsigned binary (big endian) representation of number. */ + struct WC_BIGINT raw; +#endif + /** Data of number. */ + sp_int_digit dp[SP_INT_DIGITS]; } sp_int; +/* Mulit-precision integer type is SP integer type. 
*/ typedef sp_int mp_int; +/* Mulit-precision integer digit type is SP integer digit type. + * Type is unsigned. + */ typedef sp_int_digit mp_digit; + +/* Include the maths operations that are not implementation specific. */ #include +/* + * Function prototypes. + */ MP_API int sp_init(sp_int* a); -MP_API int sp_init_multi(sp_int* a, sp_int* b, sp_int* c, sp_int* d, - sp_int* e, sp_int* f); +MP_API int sp_init_size(sp_int* a, int size); +MP_API int sp_init_multi(sp_int* n1, sp_int* n2, sp_int* n3, sp_int* n4, + sp_int* n5, sp_int* n6); MP_API void sp_free(sp_int* a); -MP_API void sp_clear(sp_int* a); -MP_API int sp_unsigned_bin_size(sp_int* a); -MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz); -MP_API int sp_read_radix(sp_int* a, const char* in, int radix); -MP_API int sp_cmp(sp_int* a, sp_int* b); -MP_API int sp_count_bits(sp_int* a); -MP_API int sp_leading_bit(sp_int* a); -MP_API int sp_to_unsigned_bin(sp_int* a, byte* out); -MP_API int sp_to_unsigned_bin_len(sp_int* a, byte* out, int outSz); -MP_API void sp_forcezero(sp_int* a); -MP_API int sp_copy(sp_int* a, sp_int* r); -MP_API int sp_set(sp_int* a, sp_int_digit d); -MP_API void sp_clamp(sp_int* a); MP_API int sp_grow(sp_int* a, int l); -MP_API int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r); -MP_API int sp_cmp_d(sp_int* a, sp_int_digit d); -MP_API int sp_sub(sp_int* a, sp_int* b, sp_int* r); -MP_API int sp_mod(sp_int* a, sp_int* m, sp_int* r); + MP_API void sp_zero(sp_int* a); -MP_API int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r); -MP_API int sp_lshd(sp_int* a, int s); -MP_API int sp_add(sp_int* a, sp_int* b, sp_int* r); -MP_API int sp_set_int(sp_int* a, unsigned long b); -MP_API int sp_tohex(sp_int* a, char* str); +MP_API void sp_clear(sp_int* a); +MP_API void sp_forcezero(sp_int* a); +MP_API int sp_init_copy (sp_int* r, sp_int* a); + +MP_API int sp_copy(sp_int* a, sp_int* r); +MP_API int sp_exch(sp_int* a, sp_int* b); +MP_API int sp_cond_swap_ct(mp_int * a, mp_int * b, int c, 
int m); + +#ifdef WOLFSSL_SP_INT_NEGATIVE +MP_API int sp_abs(sp_int* a, sp_int* b); +#endif +MP_API int sp_cmp_mag(sp_int* a, sp_int* b); +MP_API int sp_cmp(sp_int* a, sp_int* b); + +MP_API int sp_is_bit_set(sp_int* a, unsigned int b); +MP_API int sp_count_bits(sp_int* a); +#if defined(HAVE_ECC) && defined(HAVE_COMP_KEY) +MP_API int sp_cnt_lsb(sp_int* a); +#endif +MP_API int sp_leading_bit(sp_int* a); MP_API int sp_set_bit(sp_int* a, int i); MP_API int sp_2expt(sp_int* a, int e); -MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap); + +MP_API int sp_set(sp_int* a, sp_int_digit d); +MP_API int sp_set_int(sp_int* a, unsigned long n); +MP_API int sp_cmp_d(sp_int* a, sp_int_digit d); +MP_API int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r); +MP_API int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r); +MP_API int sp_mul_d(sp_int* a, sp_int_digit d, sp_int* r); +MP_API int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem); +#if defined(WOLFSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && \ + defined(HAVE_COMP_KEY)) +MP_API int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r); +#endif +MP_API int sp_div_2_mod_ct (sp_int* a, sp_int* b, sp_int* c); +#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) +MP_API int sp_div_2(sp_int* a, sp_int* r); +#endif + +MP_API int sp_add(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_sub(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_addmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r); +MP_API int sp_submod(sp_int* a, sp_int* b, sp_int* m, sp_int* r); +MP_API int sp_submod_ct (sp_int* a, sp_int* b, sp_int* c, sp_int* d); +MP_API int sp_addmod_ct (sp_int* a, sp_int* b, sp_int* c, sp_int* d); + +MP_API int sp_lshd(sp_int* a, int s); +MP_API void sp_rshd(sp_int* a, int c); +MP_API void sp_rshb(sp_int* a, int n, sp_int* r); + +#ifdef WOLFSSL_SP_MATH_ALL +MP_API int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem); +#endif +MP_API int sp_mod(sp_int* a, sp_int* m, sp_int* r); + MP_API int 
sp_mul(sp_int* a, sp_int* b, sp_int* r); MP_API int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r); -MP_API int sp_gcd(sp_int* a, sp_int* b, sp_int* r); + MP_API int sp_invmod(sp_int* a, sp_int* m, sp_int* r); -MP_API int sp_lcm(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_invmod_mont_ct(sp_int* a, sp_int* m, sp_int* r, sp_int_digit mp); + +MP_API int sp_exptmod_ex(sp_int* b, sp_int* e, int digits, sp_int* m, + sp_int* r); MP_API int sp_exptmod(sp_int* b, sp_int* e, sp_int* m, sp_int* r); +MP_API int sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r); + +MP_API int sp_div_2d(sp_int* a, int e, sp_int* r, sp_int* rem); +MP_API int sp_mod_2d(sp_int* a, int e, sp_int* r); +MP_API int sp_mul_2d(sp_int* a, int e, sp_int* r); + +MP_API int sp_sqr(sp_int* a, sp_int* r); +MP_API int sp_sqrmod(sp_int* a, sp_int* m, sp_int* r); + +MP_API int sp_mont_red(sp_int* a, sp_int* m, sp_int_digit mp); +MP_API int sp_mont_setup(sp_int* m, sp_int_digit* rho); +MP_API int sp_mont_norm(sp_int* norm, sp_int* m); + +MP_API int sp_unsigned_bin_size(sp_int* a); +MP_API int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz); +MP_API int sp_to_unsigned_bin(sp_int* a, byte* out); +MP_API int sp_to_unsigned_bin_len(sp_int* a, byte* out, int outSz); +MP_API int sp_to_unsigned_bin_at_pos(int o, sp_int* a, unsigned char* out); + +MP_API int sp_read_radix(sp_int* a, const char* in, int radix); +MP_API int sp_tohex(sp_int* a, char* str); +MP_API int sp_todecimal(mp_int* a, char* str); +MP_API int sp_toradix(mp_int* a, char* str, int radix); +MP_API int sp_radix_size(mp_int* a, int radix, int* size); + +MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap); MP_API int sp_prime_is_prime(mp_int* a, int t, int* result); MP_API int sp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng); -MP_API int sp_exch(sp_int* a, sp_int* b); -MP_API int sp_get_digit_count(sp_int *a); -MP_API int sp_init_copy (sp_int * a, sp_int * b); -MP_API void sp_rshb(sp_int* a, 
int n, sp_int* r); -MP_API int sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r); +MP_API int sp_gcd(sp_int* a, sp_int* b, sp_int* r); +MP_API int sp_lcm(sp_int* a, sp_int* b, sp_int* r); + +WOLFSSL_API word32 CheckRunTimeFastMath(void); -#define MP_NO 0 -#define MP_YES 1 +/* Map mp functions to SP math versions. */ +/* Different name or signature. */ +#define mp_mul_2(a, r) sp_mul_2d(a, 1, r) +#define mp_div_3(a, r, rem) sp_div_d(a, 3, r, rem) +#define mp_rshb(A,x) sp_rshb(A,x,A) +#define mp_is_bit_set(a,b) sp_is_bit_set(a,(unsigned int)b) +#define mp_montgomery_reduce sp_mont_red +#define mp_montgomery_setup sp_mont_setup +#define mp_montgomery_calc_normalization sp_mont_norm -#define MP_RADIX_HEX 16 +/* Macros mappings. */ +#define mp_isodd sp_isodd +#define mp_iseven sp_iseven +#define mp_iszero sp_iszero +#define mp_isone sp_isone +#define mp_isword sp_isword +#define mp_abs sp_abs +#define mp_isneg sp_isneg +#define mp_clamp sp_clamp -#define MP_GT 1 -#define MP_EQ 0 -#define MP_LT -1 +/* One to one mappings. 
*/ +#define mp_init sp_init +#define mp_init_size sp_init_size +#define mp_init_multi sp_init_multi +#define mp_free sp_free +#define mp_grow sp_grow +#define mp_zero sp_zero +#define mp_clear sp_clear +#define mp_forcezero sp_forcezero +#define mp_copy sp_copy +#define mp_init_copy sp_init_copy +#define mp_exch sp_exch +#define mp_cond_swap_ct sp_cond_swap_ct +#define mp_cmp_mag sp_cmp_mag +#define mp_cmp sp_cmp +#define mp_count_bits sp_count_bits +#define mp_cnt_lsb sp_cnt_lsb +#define mp_leading_bit sp_leading_bit +#define mp_set_bit sp_set_bit +#define mp_2expt sp_2expt +#define mp_set sp_set +#define mp_set_int sp_set_int +#define mp_cmp_d sp_cmp_d +#define mp_add_d sp_add_d +#define mp_sub_d sp_sub_d +#define mp_mul_d sp_mul_d +#define mp_div_d sp_div_d +#define mp_mod_d sp_mod_d +#define mp_div_2_mod_ct sp_div_2_mod_ct +#define mp_div_2 sp_div_2 +#define mp_add sp_add +#define mp_sub sp_sub +#define mp_addmod sp_addmod +#define mp_submod sp_submod +#define mp_addmod_ct sp_addmod_ct +#define mp_submod_ct sp_submod_ct +#define mp_lshd sp_lshd +#define mp_rshd sp_rshd +#define mp_div sp_div +#define mp_mod sp_mod +#define mp_mul sp_mul +#define mp_mulmod sp_mulmod +#define mp_invmod sp_invmod +#define mp_invmod_mont_ct sp_invmod_mont_ct +#define mp_exptmod_ex sp_exptmod_ex +#define mp_exptmod sp_exptmod +#define mp_exptmod_nct sp_exptmod_nct +#define mp_div_2d sp_div_2d +#define mp_mod_2d sp_mod_2d +#define mp_mul_2d sp_mul_2d +#define mp_sqr sp_sqr +#define mp_sqrmod sp_sqrmod -#define MP_OKAY 0 -#define MP_MEM -2 -#define MP_VAL -3 -#define FP_WOULDBLOCK -4 +#define mp_unsigned_bin_size sp_unsigned_bin_size +#define mp_read_unsigned_bin sp_read_unsigned_bin +#define mp_to_unsigned_bin sp_to_unsigned_bin +#define mp_to_unsigned_bin_len sp_to_unsigned_bin_len +#define mp_to_unsigned_bin_at_pos sp_to_unsigned_bin_at_pos +#define mp_read_radix sp_read_radix +#define mp_tohex sp_tohex +#define mp_todecimal sp_todecimal +#define mp_toradix sp_toradix +#define 
mp_radix_size sp_radix_size -#define DIGIT_BIT SP_WORD_SIZE -#define MP_MASK SP_MASK +#define mp_rand_prime sp_rand_prime +#define mp_prime_is_prime sp_prime_is_prime +#define mp_prime_is_prime_ex sp_prime_is_prime_ex +#define mp_gcd sp_gcd +#define mp_lcm sp_lcm -#define CheckFastMathSettings() 1 - -#define mp_free sp_free - -#define mp_isodd sp_isodd -#define mp_iseven sp_iseven -#define mp_iszero sp_iszero -#define mp_isone sp_isone -#define mp_abs sp_abs - -#define mp_init sp_init -#define mp_init_multi sp_init_multi -#define mp_clear sp_clear -#define mp_read_unsigned_bin sp_read_unsigned_bin -#define mp_unsigned_bin_size sp_unsigned_bin_size -#define mp_read_radix sp_read_radix -#define mp_cmp sp_cmp -#define mp_count_bits sp_count_bits -#define mp_leading_bit sp_leading_bit -#define mp_to_unsigned_bin sp_to_unsigned_bin -#define mp_to_unsigned_bin_len sp_to_unsigned_bin_len -#define mp_forcezero sp_forcezero -#define mp_copy sp_copy -#define mp_set sp_set -#define mp_clamp sp_clamp -#define mp_grow sp_grow -#define mp_sub_d sp_sub_d -#define mp_cmp_d sp_cmp_d -#define mp_sub sp_sub -#define mp_mod sp_mod -#define mp_zero sp_zero -#define mp_add_d sp_add_d -#define mp_lshd sp_lshd -#define mp_add sp_add -#define mp_set_int sp_set_int -#define mp_tohex sp_tohex -#define mp_set_bit sp_set_bit -#define mp_2expt sp_2expt -#define mp_rand_prime sp_rand_prime -#define mp_mul sp_mul -#define mp_mulmod sp_mulmod -#define mp_gcd sp_gcd -#define mp_invmod sp_invmod -#define mp_lcm sp_lcm -#define mp_exptmod sp_exptmod -#define mp_exptmod_nct sp_exptmod -#define mp_prime_is_prime sp_prime_is_prime -#define mp_prime_is_prime_ex sp_prime_is_prime_ex -#define mp_exch sp_exch -#define get_digit_count sp_get_digit_count -#define mp_init_copy sp_init_copy -#define mp_rshb(A,x) sp_rshb(A,x,A) -#define mp_mul_d sp_mul_d +#endif +#ifdef __cplusplus +} /* extern "C" */ #endif #endif /* WOLF_CRYPT_SP_H */ - 
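Review bot: `MP_INT_SIZEOF(cnt)` in sp_int.h adds up member sizes (`sizeof(int) + sizeof(int) + SP_INT_EXTRA_OVERHEAD`) and so ignores any alignment padding the compiler places before `dp`, which this hunk moves to the end of `struct sp_int`. With `WOLFSSL_SP_INT_NEGATIVE` and 64-bit digits, for example, three `int` fields take 12 bytes but `dp` would normally start at offset 16 on common ABIs, so a buffer sized by the macro would be a few bytes short of what `dp[cnt-1]` needs. Deriving the header size from the struct itself avoids this: `#define MP_INT_SIZEOF(cnt) (offsetof(sp_int, dp) + ((cnt) * SP_WORD_SIZEOF))`, which needs `<stddef.h>`. The unparenthesized `SP_INT_EXTRA_OVERHEAD sizeof(int) + sizeof(struct WC_BIGINT)` should also get outer parentheses. The callers of `MP_INT_SIZEOF` are outside this hunk, so whether any of them allocates a reduced-size `sp_int` this way needs checking.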
diff --git a/source/libs/libwolfssl/wolfcrypt/types.h b/source/libs/libwolfssl/wolfcrypt/types.h index 59d493cf..8862c5a8 100644 --- a/source/libs/libwolfssl/wolfcrypt/types.h +++ b/source/libs/libwolfssl/wolfcrypt/types.h @@ -154,6 +154,7 @@ decouple library dependencies with standard string, memory and so on. #ifdef WORD64_AVAILABLE #define WOLFCRYPT_SLOW_WORD64 #endif + #define WC_32BIT_CPU #endif #elif defined(WC_16BIT_CPU) @@ -167,6 +168,7 @@ decouple library dependencies with standard string, memory and so on. typedef word32 wolfssl_word; #define MP_16BIT /* for mp_int, mp_word needs to be twice as big as mp_digit, no 64 bit type so make mp_digit 16 bit */ + #define WC_32BIT_CPU #endif enum { @@ -493,11 +495,12 @@ decouple library dependencies with standard string, memory and so on. #define XSTRLEN(s1) strlen((s1)) #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) - /* strstr, strncmp, and strncat only used by wolfSSL proper, + /* strstr, strncmp, strcmp, and strncat only used by wolfSSL proper, * not required for wolfCrypt only */ #define XSTRSTR(s1,s2) strstr((s1),(s2)) #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n)) #define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n)) + #define XSTRCMP(s1,s2) strcmp((s1),(s2)) #define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n)) #ifdef USE_WOLF_STRSEP @@ -647,9 +650,12 @@ decouple library dependencies with standard string, memory and so on. #include #endif #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \ - defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) + defined(WOLFSSL_KEY_GEN) || !defined(NO_DSA) || \ + defined(OPENSSL_EXTRA) #define XTOUPPER(c) toupper((c)) - #define XISALPHA(c) isalpha((c)) + #endif + #ifdef OPENSSL_ALL + #define XISALNUM(c) isalnum((c)) #endif /* needed by wolfSSL_check_domain_name() */ #define XTOLOWER(c) tolower((c)) 
@@ -784,7 +790,8 @@ decouple library dependencies with standard string, memory and so on. /* hash types */ enum wc_HashType { - #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) + #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) && \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2)) /* In selftest build, WC_* types are not mapped to WC_HASH_TYPE types. * Values here are based on old selftest hmac.h enum, with additions. * These values are fixed for backwards FIPS compatibility */ @@ -858,8 +865,10 @@ decouple library dependencies with standard string, memory and so on. WC_PK_TYPE_CURVE25519 = 7, WC_PK_TYPE_RSA_KEYGEN = 8, WC_PK_TYPE_EC_KEYGEN = 9, + WC_PK_TYPE_RSA_CHECK_PRIV_KEY = 10, + WC_PK_TYPE_EC_CHECK_PRIV_KEY = 11, - WC_PK_TYPE_MAX = WC_PK_TYPE_EC_KEYGEN + WC_PK_TYPE_MAX = WC_PK_TYPE_EC_CHECK_PRIV_KEY }; diff --git a/source/libs/libwolfssl/wolfcrypt/wc_pkcs11.h b/source/libs/libwolfssl/wolfcrypt/wc_pkcs11.h index 15a0384d..15412bfb 100644 --- a/source/libs/libwolfssl/wolfcrypt/wc_pkcs11.h +++ b/source/libs/libwolfssl/wolfcrypt/wc_pkcs11.h @@ -67,7 +67,6 @@ enum Pkcs11KeyType { PKCS11_KEY_TYPE_EC, }; - WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap); WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev); diff --git a/source/libs/libwolfssl/wolfcrypt/wc_port.h b/source/libs/libwolfssl/wolfcrypt/wc_port.h index e34bd24f..5564d993 100644 --- a/source/libs/libwolfssl/wolfcrypt/wc_port.h +++ b/source/libs/libwolfssl/wolfcrypt/wc_port.h @@ -81,6 +81,7 @@ _Pragma("GCC diagnostic ignored \"-Wsign-compare\""); _Pragma("GCC diagnostic ignored \"-Wpointer-sign\""); _Pragma("GCC diagnostic ignored \"-Wbad-function-cast\""); + _Pragma("GCC diagnostic ignored \"-Wdiscarded-qualifiers\""); #include #include @@ -88,6 +89,7 @@ #include #include #include + #include #ifndef SINGLE_THREADED #include #endif 
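Review bot: The new condition at the top of `enum wc_HashType` in types.h mixes `||` and `&&` without grouping, so it only reads correctly if one remembers that `&&` binds tighter. Since this `#if` selects which set of fixed enum values is compiled (the comment says they are pinned for FIPS backwards compatibility), the intent should be explicit: `#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2))`. The enum body continues outside the hunk, so any other place that tests the same condition should be checked to use the identical expression.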
@@ -99,19 +101,52 @@ #else #include #endif - #define SAVE_VECTOR_REGISTERS() kernel_fpu_begin() - #define RESTORE_VECTOR_REGISTERS() kernel_fpu_end() + #ifndef SAVE_VECTOR_REGISTERS + #define SAVE_VECTOR_REGISTERS() kernel_fpu_begin() + #endif + #ifndef RESTORE_VECTOR_REGISTERS + #define RESTORE_VECTOR_REGISTERS() kernel_fpu_end() + #endif #elif defined(WOLFSSL_ARMASM) #include - #define SAVE_VECTOR_REGISTERS() ({ preempt_disable(); fpsimd_preserve_current_state(); }) - #define RESTORE_VECTOR_REGISTERS() ({ fpsimd_restore_current_state(); preempt_enable(); }) + #ifndef SAVE_VECTOR_REGISTERS + #define SAVE_VECTOR_REGISTERS() ({ preempt_disable(); fpsimd_preserve_current_state(); }) + #endif + #ifndef RESTORE_VECTOR_REGISTERS + #define RESTORE_VECTOR_REGISTERS() ({ fpsimd_restore_current_state(); preempt_enable(); }) + #endif #else - #define SAVE_VECTOR_REGISTERS() ({}) - #define RESTORE_VECTOR_REGISTERS() ({}) + #ifndef SAVE_VECTOR_REGISTERS + #define SAVE_VECTOR_REGISTERS() ({}) + #endif + #ifndef RESTORE_VECTOR_REGISTERS + #define RESTORE_VECTOR_REGISTERS() ({}) + #endif #endif _Pragma("GCC diagnostic pop"); + /* Linux headers define these using C expressions, but we need + * them to be evaluable by the preprocessor, for use in sp_int.h. + */ + _Static_assert(sizeof(ULONG_MAX) == 8, "WOLFSSL_LINUXKM supported only on targets with 64 bit long words."); + #undef UCHAR_MAX + #define UCHAR_MAX 255 + #undef USHRT_MAX + #define USHRT_MAX 65535 + #undef UINT_MAX + #define UINT_MAX 4294967295U + #undef ULONG_MAX + #define ULONG_MAX 18446744073709551615UL + #undef ULLONG_MAX + #define ULLONG_MAX ULONG_MAX + #undef INT_MAX + #define INT_MAX 2147483647 + #undef LONG_MAX + #define LONG_MAX 9223372036854775807L + #undef LLONG_MAX + #define LLONG_MAX LONG_MAX + /* remove this multifariously conflicting macro, picked up from * Linux arch//include/asm/current.h. */ 
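Review bot: The `_Static_assert` before the redefined limit macros in wc_port.h checks only the width of `long`, yet the constants that follow also hard-code a 32-bit `int` (`UINT_MAX 4294967295U`, `INT_MAX 2147483647`), a 16-bit `short` (`USHRT_MAX 65535`) and a 64-bit `long long` (`ULLONG_MAX ULONG_MAX`, `LLONG_MAX LONG_MAX`). sp_int.h picks its digit types from these values, so a mismatch would silently select the wrong word size rather than fail the build. Adding `_Static_assert(sizeof(int) == 4 && sizeof(short) == 2 && sizeof(long long) == 8, "WOLFSSL_LINUXKM limit macros assume ILP/LP64 integer widths.");` next to the existing assert costs nothing. The enclosing `WOLFSSL_LINUXKM` block begins outside this hunk.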
@@ -122,9 +157,17 @@ */ #define _MM_MALLOC_H_INCLUDED +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) + /* kvmalloc()/kvfree() and friends added in linux commit a7c3e901 */ + #define malloc(x) kvmalloc(x, GFP_KERNEL) + #define free(x) kvfree(x) + void *lkm_realloc(void *ptr, size_t newsize); + #define realloc(x, y) lkm_realloc(x, y) +#else #define malloc(x) kmalloc(x, GFP_KERNEL) #define free(x) kfree(x) #define realloc(x,y) krealloc(x, y, GFP_KERNEL) +#endif /* min() and max() in linux/kernel.h over-aggressively type-check, producing * myriad spurious -Werrors throughout the codebase. @@ -157,8 +200,10 @@ #else /* ! WOLFSSL_LINUXKM */ - #ifdef BUILDING_WOLFSSL + #ifndef SAVE_VECTOR_REGISTERS #define SAVE_VECTOR_REGISTERS() do{}while(0) + #endif + #ifndef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() do{}while(0) #endif @@ -193,6 +238,8 @@ /* do nothing, just don't pick Unix */ #elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS) /* do nothing */ +#elif defined(RTTHREAD) + /* do nothing */ #elif defined(EBSNET) /* do nothing */ #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) @@ -298,6 +345,9 @@ #include "FreeRTOS.h" #include "semphr.h" typedef SemaphoreHandle_t wolfSSL_Mutex; + #elif defined (RTTHREAD) + #include "rtthread.h" + typedef rt_mutex_t wolfSSL_Mutex; #elif defined(WOLFSSL_SAFERTOS) typedef struct wolfSSL_Mutex { signed char mutexBuffer[portQUEUE_OVERHEAD_BYTES]; @@ -409,6 +459,11 @@ WOLFSSL_API int wc_SetMutexCb(mutex_cb* cb); WOLFSSL_API int wolfCrypt_Init(void); WOLFSSL_API int wolfCrypt_Cleanup(void); +#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + WOLFSSL_API long wolfCrypt_heap_peakAllocs_checkpoint(void); + WOLFSSL_API long wolfCrypt_heap_peakBytes_checkpoint(void); +#endif + /* FILESYSTEM SECTION */ /* filesystem abstraction layer, used by ssl.c */ 
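Review bot: The new `malloc`/`free`/`realloc` mappings to `kvmalloc(x, GFP_KERNEL)`, `kvfree(x)` and `lkm_realloc` in wc_port.h carry no note on the calling context they require. `GFP_KERNEL` allocations may sleep and `kvmalloc` can fall back to vmalloc, while the x86 `SAVE_VECTOR_REGISTERS()` defined earlier in this file expands to `kernel_fpu_begin()`, which disables preemption. I would add a comment above the block such as `/* These allocators may sleep: never call them between SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() or from any atomic context. */`. Whether any library path allocates inside such a region is not visible from this hunk, and `lkm_realloc` is only declared here, so its handling of the old block size has to be reviewed where it is defined.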
@@ -564,6 +619,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #else #define XFOPEN fopen #endif + #define XFDOPEN fdopen #define XFSEEK fseek #define XFTELL ftell #define XREWIND rewind @@ -579,6 +635,9 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #include #include #include + #define XWRITE write + #define XREAD read + #define XCLOSE close #endif #endif @@ -786,7 +845,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #ifdef BUILDING_WOLFSSL /* includes are all above, with incompatible warnings masked out. */ - #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 0) typedef __kernel_time_t time_t; #else typedef __kernel_time64_t time_t; diff --git a/source/network/picohttpparser.c b/source/network/picohttpparser.c index f16c0924..5e5783ab 100644 --- a/source/network/picohttpparser.c +++ b/source/network/picohttpparser.c @@ -449,7 +449,7 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min } PARSE_INT_3(status); - /* get message includig preceding space */ + /* get message including preceding space */ if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) { return NULL; }